Professional Documents
Culture Documents
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCDE, CCSI, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0903R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Installation and Administration Guide for Cisco Unified Mobility Advantage 2008-2009 Cisco Systems, Inc. All rights reserved.
CH A P T E R
Before you install Cisco Unified Mobility Advantage or upgrade from Release 3.x, perform the following preinstallation procedures and gather the required information. For upgrades from Release 7.0(1), you do not need to change or add to existing settings unless you are adding or changing functionality or enterprise servers. Order of Installation, Upgrade, and Configuration Tasks, page 1-1 Tasks with Long Lead Times, page 1-2 Cisco Unified Mobility Advantage in the Network, page 1-2 Obtaining IP Addresses and DNS Names from IT, page 1-3 Opening Firewall Ports, page 1-5 Your Network and Related Servers Must Be Functioning Properly, page 1-6 Preparing Information Required for Installation and Configuration
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
1-1
Follow the instructions in Upgrading from Release 7.0(1) to Release 7.0(2), page 5-19. For upgrades from Cisco Unified Mobility Advantage Release 3.x to Release 7.0(1): Follow the instructions in Chapter 5, Upgrading Cisco Unified Mobility Advantage. Links will take you to topics throughout the document as needed.
Related Topics
Chapter 7, Using the Configuration Wizard in Cisco Unified Mobility Advantage Chapter 5, Upgrading Cisco Unified Mobility Advantage
Obtaining IP addresses Opening ports in firewalls. Obtaining a signed SSL certificate for the Cisco Adaptive Security Appliance.
Related Topics
Obtaining IP Addresses and DNS Names from IT, page 1-3 Opening Firewall Ports, page 1-5 Required and Recommended Signed Certificates, page 9-2
Cisco Unified Mobility Advantage is deployed behind the enterprise firewall and serves as the integration point for all enterprise services. A Cisco Adaptive Security Appliance (ASA) serves as proxy server for communications between clients and server. Cisco Unified Mobile Communicator communicates with Cisco Unified Mobility Advantage through the Cisco Adaptive Security Appliance. Cisco Unified Communications Manager provides Cisco Unified Mobility features such as unified voice messaging, MobileConnect, and Dial via Office, as well as call log management. Cisco Unified Presence supplies availability status and some contact list management. Cisco Unity or Cisco Unity Connection provides visual Voicemail.
Cisco Unified Mobile Communicator and the Cisco Adaptive Security Appliance The Cisco Adaptive Security Appliance and Cisco Unified Mobility Advantage Cisco Unified Mobility Advantage and the Enterprise Services
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
1-2
Chapter 1
Preparing to Install or Upgrade Cisco Unified Mobility Advantage Obtaining IP Addresses and DNS Names from IT
If your Information Technology department requires information about data flows, see the Appendix.
Figure 1-1 Cisco Unified Mobility Advantage Architecture
Enterprise Services
MMP/SSL/TLS
Firewall
Voice mail
MP
Voice Channel
Obtain the following IP addresses and DNS hostnames from your IT department:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
1-3
Your Value
Externally-accessible IP address and its corresponding externally-visible DNS IP Address: name. This IP address or host name serves as the following:
Host Name:
The Cisco Adaptive Security Appliance outside (external) interface The fully qualified domain name (FQDN) on the signed certificate that resides on the Cisco Adaptive Security Appliance. You will obtain this certificate when you configure the Cisco Adaptive Security Appliance. The world-routable IP address for the Cisco Unified Mobility Advantage server. The Proxy Host Name to which Cisco Unified Mobile Communicator clients will connect. The value you will enter into the Proxy Host Name field in Cisco Unified Mobility Advantage Admin Portal under System Management > Network Properties.
You will configure NAT rules to translate this IP address to the private IP address of the Cisco Unified Mobility Advantage server. IP address that serves as both of the following:
IP Address:
The Cisco Adaptive Security Appliance inside (internal) interface. This is the source address for Cisco Adaptive Security Appliance to connect to Cisco Unified Mobility Advantage. Shared IP address for consolidating client communications for passing to Cisco Unified Mobility Advantage.
Private IP address for the server on which Cisco Unified Mobility Advantage is IP Address: installed. DNS host name for this server. Host Name
Step 2
Print this section and note the values in Your Value column of the table. You will need this information for configuration. Verify that each DNS host name resolves to its associated IP address.
Step 3
Related Topics
About Cisco Adaptive Security Appliance Deployment Options, page 2-2 How to Obtain and Install a Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
1-4
Chapter 1
Preparing to Install or Upgrade Cisco Unified Mobility Advantage Opening Firewall Ports
Procedure
Step 1
Ask your IT security administrator to open the following bidirectional ports in the specified ranges: Port Proxy Client Connection Port (TCP) Range Default Your Value
Purpose The Cisco Adaptive Security Appliance communicates with the Cisco Unified Mobile Communicator client using these ports.
Inner firewall Cisco Unified Mobility Client Connection Port (TCP) Advantage communicates with the Cisco Adaptive Security Client Download Port (HTTP) Appliance using these ports.
5400-5500 9000-9100
5443 9080
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
205153
1-5
Step 2
Print this section and note the opened port numbers that you receive from IT in the Your Value column of the table. You will need this information for configuration.
Related Topics
Print the following sections of this book so that you can complete the tables with required values for your deployment:
Obtaining IP Addresses and DNS Names from IT, page 1-3 Opening Firewall Ports, page 1-5 Chapter 6, Installing Cisco Unified Mobility Advantage (For new installations) Information in Chapter 7, Using the Configuration Wizard in
Cisco Unified Mobility Advantage for the enterprise servers you will deploy.
(For upgrades from Release 3.x) Information in Appendix A, Page References: Enterprise
Adapter Settings in Cisco Unified Mobility Advantage for the enterprise servers you will deploy.
Review the guidelines for the application dialing rules and directory lookup settings you will need to configure:
Application Dialing Rules, page 3-6 Recommended Directory Lookup Settings, page 3-7
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
1-6
Chapter 1
Preparing to Install or Upgrade Cisco Unified Mobility Advantage Preparing Information Required for Installation and Configuration
Procedure
Step 1
Learn your IT information security requirements, if any, for connections between servers inside the firewall:
Can connections be TCP (nonsecure)? Or must they be TLS or SSL (secure)? If connections must be secure, what certificates must Cisco Unified Mobility Advantage provide?
Gather the required information based on the tables in the sections you printed. Note your values in the tables so that you can refer to them as you install and configure Cisco Unified Mobility Advantage. Work with your Cisco Unified Communications Manager administrator to determine the application dialing rules and directory lookup rules you will need to configure.
Related Topics
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
1-7
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
1-8
CH A P T E R
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage
Revised Date: October 27, 2009
A Cisco Adaptive Security Appliance (ASA) is required for new installations and for upgrades, to provide secure connections to the Cisco Unified Mobility Advantage server.
Note
For upgrades from Release 3.x, the Cisco Adaptive Security Appliance replaces the Proxy Server in Cisco Unified Mobility Advantage Release 3.x. This chapter provides instructions for a basic configuration. Cisco Adaptive Security Appliance Documentation, page 2-2 About Cisco Adaptive Security Appliance Deployment Options, page 2-2 Using the Cisco Adaptive Security Appliance Command-Line Interface, page 2-4 Configuring the Inside and Outside Interfaces Using the Command-Line Interface, page 2-5 Specifying NAT Rules, page 2-5 Setting Static Routes, page 2-7 Allowing Traffic Through to the Cisco Unified Mobility Advantage Server, page 2-7 How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance, page 2-8 Setting up the TLS Proxy, page 2-15 Defining MMP Inspection, page 2-15 Testing Your Cisco Adaptive Security Appliance Configuration, page 2-16 Troubleshooting the Cisco Adaptive Security Appliance, page 2-16
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-1
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility
The Cisco ASA 5580 Adaptive Security Appliance Command Line Configuration Guide, Version 8.0. This book has a chapter on Configuring Cisco Unified Communications Proxy Features as well as useful information about configuring certificates and trustpoints. Cisco Unified Mobility Advantage may be referred to as Cisco UMA. Cisco Unified Mobile Communicator may be referred to as Cisco UMC. The Cisco Security Appliance Command Reference for version 8.0(4).
Cisco Adaptive Security Appliance Installed as a Firewall, page 2-2 Cisco Adaptive Security Appliance Installed as a Proxy Server Only, page 2-3
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-2
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage About Cisco Adaptive Security Appliance Deployment Options
Figure 2-1
Enterprise Services
MMP/SSL/TLS
IP Address: 10.1.1.2 Port: 5443 Cisco Adaptive Security Appliance with TLS Proxy
Firewall
MP
Voice Channel
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-3
Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Using the Cisco Adaptive Security Appliance Command-Line Interface
Figure 2-2
Internet
ISP Gateway
Corporate Firewall
DMZ
Internal Network IP Address: 172.16.27.41 (DMZ routable) 192.0.2.41 outside 10.1.1.2 inside Active Directory Cisco Unified Mobility Advantage
M
MP
Conferencing
205202
Voice mail
Open an SSH or HyperTerminal session. Enter the following commands to access all configuration commands: enable
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-4
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Configuring the Inside and Outside Interfaces Using the Command-Line Interface
Configuring the Inside and Outside Interfaces Using the Command-Line Interface
Before You Begin
Obtain necessary IP addresses. See Obtaining IP Addresses and DNS Names from IT, page 1-3.
Procedure
Step 1 Step 2
Access the Cisco Adaptive Security Appliance command-line interface. Enter show run to see the list of interfaces for your Cisco Adaptive Security Appliance model. For example, Cisco Adaptive Security Appliance 5505 calls the interfaces Vlan1 and Vlan2. For Cisco Adaptive Security Appliance 5520 and 5550, the interface name format is GigabitEthernetX/Y.
Step 3
Assign the IP address to the inside interface: interface <inside interface name for your Cisco Adaptive Security Appliance model> nameif inside security-level 100 ip address <IP address of inside interface; in this example 10.1.1.2> <subnet mask>
Step 4
Assign the IP address to the outside interface: interface <outside interface name for your Cisco Adaptive Security Appliance model> nameif outside security-level 0 ip address <IP address of outside interface; in this example 192.0.2.41> <subnet mask>
Translate the public IP address and ports of your Cisco Unified Mobility Advantage server to the private IP address and ports.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-5
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility
Create a dynamic NAT rule to translate the source IP address of any Cisco Unified Mobile Communicator client to a single IP address that is allowed through the internal firewall. Cisco Unified Mobility Advantage sends responses back to the same IP address.
For example: The client connects to the world-routable IP address of the Cisco Unified Mobility Advantage server: 192.0.2.41. A NAT rule translates this address to the private IP address of the Cisco Unified Mobility Advantage server: 172.16.27.41. Another NAT rule translates communications from all clients to a single IP address that the Cisco Adaptive Security Appliance will use for sending all client communications to the Cisco Unified Mobility Advantage server: 10.1.1.2. For more information about NAT and PAT, see the configuration documentation for your Cisco Adaptive Security Appliance.
Before You Begin
Make sure that the necessary ports in the firewalls are open. See Opening Firewall Ports, page 1-5.
Procedure
Step 1 Step 2
Access the Cisco Adaptive Security Appliance command-line interface. Translate all client IP addresses to a single source IP address for routing through the firewall to Cisco Unified Mobility Advantage: global (<inside interface name>) <nat_id> <shared ip address to which all client ip addresses will be translated> netmask <subnet mask> nat (<outside interface name>) 1 0 0 outside Note that because the IP address that all clients share is the same as the inside interface, you can use interface instead of specifying the IP address. Example: global (inside) 1 interface nat (outside) 1 0.0.0.0 0.0.0.0 outside Translate the world-routable IP address of the Cisco Unified Mobility Advantage server to the private IP address of the Cisco Unified Mobility Advantage server:
static (<inside interface name,outside interface name>) tcp <world routable ip address of Cisco Unified Mobility Advantage server> <proxy client connection port> <private IP address of Cisco Unified Mobility Advantage server> <client connection port> netmask <subnet mask> static (<inside interface name,outside interface name>) tcp <world routable ip address of Cisco Unified Mobility Advantage server> <proxy client download port> <private IP address of Cisco Unified Mobility Advantage server> <client download port> netmask <subnet mask>
Step 3
Note that because the world-routable IP address of the Cisco Unified Mobility Advantage server is the same as the outside interface, you can use interface instead of specifying the IP address. Example: static (inside,outside) tcp interface 5442 172.16.27.41 5443 netmask 255.255.255.255
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-6
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Setting Static Routes
Note
If your Cisco Adaptive Security Appliance is installed as a firewall, you do not need to set a static route. You may need to set two static routes, one to the default gateway of the subnet to which Cisco Adaptive Security Appliance is connected through its outside interface, and one to the default gateway to which Cisco Adaptive Security Appliance is connected through its inside interface. This is especially true if the private IP address of Cisco Unified Mobility Advantage is in a different network (for example, the internal corporate network) from the Cisco Adaptive Security Appliance server (for example, a DMZ network).
Procedure
Step 1 Step 2
Access the Cisco Adaptive Security Appliance command-line interface. Specify a static route to the default gateway for each interface: route <outside interface name> 0.0.0.0 0.0.0.0 <ip address of the default gateway of the outside subnet> 1 route <inside interface name> <private ip address of the Cisco Unified Mobility Advantage server> <netmask> <ip address of the default gateway of the inside subnet> 1 Example: route outside 0 0 10.10.10.1 1 route inside 192.168.1.0 255.255.255.0 10.1.1.1 1
Access the Cisco Adaptive Security Appliance command-line interface. Allow traffic through: access-list <id> extended permit tcp any host <world routable ip address of Cisco Unified Mobility Advantage server> eq <proxy client connection port>
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-7
Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance
access-list <id> extended permit tcp any host <world routable ip address of Cisco Unified Mobility Advantage server> eq <proxy client download port> access-group <id> in interface <name of outside interface> Example: access-list permit_cuma extended permit tcp any host <cuma proxy ip> eq 5443 access-list permit_cuma extended permit tcp any host <cuma proxy ip> eq 9080 access-group permit_cuma in interface outside
How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance
Perform all of these procedures to deploy the required and recommended certificates on and from the Cisco Adaptive Security Appliance. You must perform additional procedures in Cisco Unified Mobility Advantage in conjunction with each of these procedures on the Cisco Adaptive Security Appliance.
How to Obtain and Install a Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8 Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage, page 2-12 Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14
(For Upgrades from Release 3.x) Importing the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8 (For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-10
(For Upgrades from Release 3.x) Importing the Cisco Adaptive Security Appliance-to-Client Certificate
Use this procedure if you are upgrading and are reusing the signed certificate from the Proxy Server you used with Release 3.1.2.
Restrictions
You can reuse the Proxy Server certificate only if you meet the restrictions detailed in Saving the SSL Certificate from the Proxy Server, page 5-8.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-8
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance
Otherwise, follow the procedure in (For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-10.
Before You Begin
You must upgrade Cisco Unified Mobility Advantage before you can import this certificate. Make sure that you have completed the following pre- and post-upgrade procedures:
Saving the SSL Certificate from the Proxy Server, page 5-8 Uploading the Proxy Server Certificate to Release 7.x, page 5-13 Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14
Procedure
Step 1
Import the signed certificate to the Cisco Adaptive Security Appliance in PKCS12 format using the import commands: crypto ca import <trustpoint-cuma-signed> pkcs12 <passphrase> [paste the contents of the ssl64.p12 file here] Include the following lines. Make sure that there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---Import the intermediate certificate: crypto ca trustpoint <trustpoint-cuma-signed> enrollment terminal crypto ca authenticate <trustpoint-cuma-signed> [paste the contents of the intermediate certificate here] The intermediate certificate is the second certificate in your_pemcert.pem, the PEM file that you created from the file you downloaded from the Cisco Unified Mobility Advantage during the prerequisites for this procedure. Include the following lines. Make sure that there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---Import the root certificate: crypto ca trustpoint <trustpoint-cuma-root> enrollment terminal crypto ca authenticate <trustpoint-cuma-root> [paste the contents of the root certificate here] The root certificate is the third and last certificate in the PEM file your_pemcert.pem. Include the following lines. Make sure that there are no extra spaces at the end. -BEGIN CERTIFICATE----
Step 2
Step 3
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-9
Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance
--END CERTIFICATE----
(For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate
This procedure is required unless you are upgrading from Release 3.1.2 and reusing your signed certificate from your Proxy Server. This procedure has several subprocedures:
Generate a Certificate Signing Request, page 2-10 Submit the Certificate Signing Request to the Certificate Authority, page 2-11 Upload the Signed Certificate to the Cisco Adaptive Security Appliance, page 2-12
Obtain the IP address and fully qualified domain name for the Proxy Host Name as specified in Obtaining IP Addresses and DNS Names from IT, page 1-3. Determine required values for your company or organization name, organizational unit, country, and state or province. See the table in Creating Security Contexts, page 9-7. You must enter identical values in the Cisco Adaptive Security Appliance and in the relevant security context in Cisco Unified Mobility Advantage.
Procedure
Step 1
Enter configuration mode: conf t Generate a key pair for this certificate: crypto key generate rsa label <keypair-cuma-signed> modulus 1024 You will see a Please wait... message; look carefully for the prompt to reappear.
Step 2
Step 3
Create a trustpoint with the necessary information to generate the certificate request: crypto ca trustpoint <trustpoint-cuma-signed> subject-name CN=<Proxy Host Name of the Cisco Unified Mobility Advantage server. Use the Fully Qualified Domain Name.>,OU=<organization unit name>,O=<company or organization name as publicly registered>,C=<2 letter country code>,St=<state>,L=<city> (For requirements for the Company, organization unit, Country, and State values, see the values you determined in the prerequisite for this procedure.) keypair <keypair-cuma-signed> fqdn <Proxy Host Name of the Cisco Unified Mobility Advantage server. This value must exactly match the value you entered for CN above.> enrollment terminal
Step 4
Get the certificate signing request to send to the Certificate Authority: crypto ca enroll <trustpoint-cuma-signed>
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-10
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance
% Start certificate enrollment. % The subject name in the certificate will be:CN=<Proxy Host Name of the Cisco Unified Mobility Advantage server>,OU=<organization unit name>,O=<organization name>,C=<2 letter country code>,St=<state>,L=<city> % The fully-qualified domain name in the certificate will be: <Proxy Host Name of the Cisco Unified Mobility Advantage server> % Include the device serial number in the subject name? [yes/no]: no % Display Certificate Request to terminal? [yes/no]: yes
Step 5
Copy the entire text of the displayed Certificate Signing Request and paste it into a text file. Include the following lines. Make sure that there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---Save the text file.
Step 6
What To Do Next
Submit the Certificate Signing Request to the Certificate Authority, page 2-11
Generate a Certificate Signing Request, page 2-10 Visit the web site of your chosen Certificate Authority to learn about the requirements and procedures for obtaining and deploying a signed 128-bit SSL certificate. If you are unsure which certificate to purchase, contact the Certificate Authority. Information about available certificates is subject to change. Also, check the requirements for extending the certificate so that you maintain the necessary records.
Procedure
Step 1
Visit the Certificate Authority web site and follow their instructions. You will need the CSR you generated above. This process may take up to 24 hours. Wait for the signed certificate to arrive by email. Comply with any instructions that arrive with the certificate. For example, you may need to copy an intermediate certificate from the certificate authority web site.
Step 2 Step 3
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-11
Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance
What To Do Next
Upload the Signed Certificate to the Cisco Adaptive Security Appliance, page 2-12
You will need the signed certificate that you requested in Submit the Certificate Signing Request to the Certificate Authority, page 2-11. Follow any deployment instructions from the Certificate Authority. For example, obtain any required intermediate certificate from the Certificate Authority web site.
Tip
If you use a VeriSign certificate, information on obtaining root and intermediate certificates is here: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO4785
Procedure
Step 1
Authenticate the trustpoint by importing the intermediate certificate: crypto ca authenticate <trustpoint-cuma-signed> Paste the contents of the intermediate certificate from the CA authority. Include the following lines. Make sure that there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---End with the word quit on a line by itself. Import the signed certificate: crypto ca import <trustpoint-cuma-signed> certificate Paste the contents of the signed certificate from the CA authority. End with the word quit on a line by itself. Add the root certificate: crypto ca trustpoint <trustpoint-cuma-root> enrollment terminal crypto ca authenticate <trustpoint-cuma-root> Paste the contents of the root certificate
Step 2
Step 3
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-12
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance
The Cisco Adaptive Security Appliance does not automatically trust certificates signed by a recognized certificate signing authority, so perform this procedure even if you deploy a signed certificate on Cisco Unified Mobility Advantage.
Before You Begin
Determine whether a self-signed certificate meets your needs. See options at Required and Recommended Self-Signed Certificates, page 9-3. Install or upgrade Cisco Unified Mobility Advantage. Perform one of the following:
After upgrade from Release 3.1.2, if you did not have a signed certificate on your Managed
Server: See Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15.
After a new installation: After you complete the Configuration Wizard, perform the procedure
in Downloading the Self-Signed Certificate (After Running the Configuration Wizard), page 7-25.
After any installation: Generate a self-signed certificate from Cisco Unified Mobility
Advantage by Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11
Procedure
Step 1 Step 2
Open the self-signed certificate from Cisco Unified Mobility Advantage in WordPad (not Notepad.) Import the certificate into the Cisco Adaptive Security Appliance trust store: crypto ca trustpoint <trustpoint-cuma-selfsigned> enrollment terminal crypto ca authenticate <trustpoint-cuma-selfsigned> Select All and copy the contents of the certificate from WordPad. Include the following lines. Make sure there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---Paste into the Cisco Adaptive Security Appliance command-line interface window.
Related Topics
What To Do Next
Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-13
Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance
Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance
We recommend that you configure Cisco Unified Mobility Advantage to require a certificate from the Cisco Adaptive Security Appliance. Use this procedure to provide the required self-signed certificate.
Procedure
Step 1
Enter configuration mode: conf t Generate a key pair: crypto key generate rsa label <keypair-asa-cuma-selfsigned> You will see a Please wait... message; look carefully for the prompt to reappear.
Step 2
Step 3
Create the certificate: crypto ca trustpoint <trustpoint-asa-cuma-selfsigned> enrollment self keypair <keypair-asa-cuma-selfsigned> crypto ca enroll <trustpoint-asa-cuma-selfsigned> incl device serial number in the subject name - n Gen self signed - y Export the certificate: crypto ca export <trustpoint-asa-cuma-selfsigned> identity-certificate Copy and paste the text into WordPad. Include the following lines. Make sure there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---Save the file as a text file.
Step 4
Step 5
Step 6
Troubleshooting Tip
If you need to retrieve the certificate text later, use this command: crypto ca export <trustpoint-name> identity-certificate
Related Topics
What To Do Next
After you install or upgrade Cisco Unified Mobility Advantage, import the certificate into the Security Context that is specified on the System Management > Network Properties page in the Admin Portal in Cisco Unified Mobility Advantage. If you used, or will use, the Configuration Wizard, this is the cuma Security Context. See Importing Self-Signed Certificates from Trusted Servers, page 9-10.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-14
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Setting up the TLS Proxy
Import the signed certificate to present to clients. See How to Obtain and Install a Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8. Generate a self-signed certificate from Cisco Adaptive Security Appliance and import it into Cisco Unified Mobility Advantage. See Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14.
Procedure
Step 1
Run these commands to set up the TLS Proxy on the Cisco Adaptive Security Appliance: tls-proxy <tls-proxy-name> server trust-point <trustpoint-cuma-signed> This is the trustpoint that holds the signed certificate that Cisco Adaptive Security Appliance will present to the mobile clients, which you imported above. client trust-point <trustpoint-asa-cuma-selfsigned> This is the trustpoint that holds the self-signed certificate that Cisco Adaptive Security Appliance will present to Cisco Unified Mobility Advantage, which you generated above and imported into Cisco Unified Mobility Advantage. no server authenticate-client In this release, the Cisco Adaptive Security Appliance must automatically trust the mobile client. Cisco Adaptive Security Appliance will not authenticate client connections. client cipher-suite aes128-sha1 aes256-sha1
Related Topics
Access the Cisco Adaptive Security Appliance command-line interface. Run these commands to define MMP inspection: access-list mmp_inspect extended permit tcp any any eq <Proxy Client Connection Port>
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-15
Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Testing Your Cisco Adaptive Security Appliance Configuration
class-map cuma_proxy match access-list mmp_inspect exit policy-map global_policy class cuma_proxy inspect mmp tls-proxy <tls-proxy-name> exit exit service-policy global_policy global
Ping the private IP address of the Cisco Unified Mobility Advantage server from the Cisco Adaptive Security Appliance. Ping an IP address on the internet.
What To Do Next
Useful Commands, page 2-16 Fixing Unsuccessful Pings, page 2-18 SSL Handshake Failures, page 2-18 Debugging TLS-Proxy and MMP Configurations, page 2-18
Useful Commands
The following are useful commands for troubleshooting your Cisco Adaptive Security Appliance configuration. You may need to be in a particular mode, such as privileged EXEC, in order to use some of these commands. For complete information on any command, see the Cisco Security Appliance Command Reference.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-16
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Troubleshooting the Cisco Adaptive Security Appliance
logging timestamp logging list loglist message 711001 logging list loglist message 725001-725014 logging list loglist message 717001-717038 logging buffer-size 1000000 logging buffered loglist logging debug-trace
Show the current logging configuration Clear logs Show the current configuration settings Show existing keypairs to see if a keypair has been generated. Display certificate information to verify that it was entered and imported correctly. Check configuration of all certificates on the Cisco Adaptive Security Appliance Check configuration of the certificate from Cisco Unified Mobility Advantage that you imported into the Cisco Adaptive Security Appliance Clear a command or remove a configured item, such as a trustpoint, to reconfigure it Clear a configuration under a specific command so that you can reconfigure it
show logging clear logging buffer show running-config sh crypto key mypubkey rsa sh crypto ca certificate <certificate_name> sh crypto ca certificates sh crypto ca trustpoints
no <command to clear> clear configure <command> Example: To delete the tls proxy: clear configure tls-proxy
Use the following commands to see what happens on the Cisco Adaptive Security Appliance when you try to connect using the client: Show the information about the current tls-proxy sh tls-proxy session detail session Show debug messages for TLS proxy inspection Show a list of active MMP sessions Display inspect MMP events
Related Topics
No Connectivity On Initial Tests, page 19-3 Some Clients Cannot Connect on Initial Tests, page 19-3
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-17
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility
If You cannot ping the private IP address of the Cisco Unified Mobility Advantage server from the Cisco Adaptive Security Appliance
Do This
a.
Use the following command to check if the first hop is your default router: traceroute <private IP address of the Cisco Unified Mobility Advantage server> source inside Check the routing commands for the inside interface Make sure that you have configured the access-list to allow traffic to go through the inside interface
b. c.
Ping an IP address on the internet from the Cisco Adaptive Security Appliance.
SSL handshake errors can result from problems with the connection between the client and the Cisco Adaptive Security Appliance or between the Cisco Adaptive Security Appliance and Cisco Unified Mobility Advantage. Check both sets of configurations. This error is benign: %ASA-7-725014: SSL lib error. Function: SSL3_READ_BYTES Reason: ssl handshake failure, If a SSL Handshake error message causes the tls-proxy session to close, then check certificate configuration: sh crypto ca certificates sh crypto ca trustpoints
If any of the trustpoints shows as Not configured, revisit the certificate portion of the configuration.
Use the following commands to enable debugging: debug inspect tls-proxy all debug mmp
Step 2
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-18
Chapter 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Troubleshooting the Cisco Adaptive Security Appliance
Check if the inspection port is correct, if you see MMP messages on the logs but no tls-proxy messages.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-19
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
2-20
CH A P T E R
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage
Revised Date: June 30, 2009
Configure Cisco Unified Communications Manager to provide features to Cisco Unified Mobility Advantage.
Note
Specific instructions for these procedures may vary depending on your release of Cisco Unified Communications Manager. See the documentation for your release for the instructions for your release.
How to Configure Call Log Monitoring How to Configure Dial Via Office Configuring Prerequisites for Transfer of Active Calls Between Phones, page 3-13 How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13 Backup Cisco Unified Communications Manager Server Configuration, page 3-18 Changes to Cisco Unified Communications Manager Configurations, page 3-18 How to Configure Cisco Unified Communications Manager for Each User and Device, page 3-19
Configuring Call Log Monitoring, page 3-2 Creating CTI-Enabled Super User Accounts, page 3-3 Ensuring That the CTI Service Is Running, page 3-5 Configuring Standard AXL API Access to Retrieve User Information, page 3-5
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-1
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage
Application Dialing Rules, page 3-6 Recommended Directory Lookup Settings, page 3-7 Configuring Directory Lookup Rules in Cisco Unified Communications Manager, page 3-8
To
Step 1
If you are making changes to a running system, stop Cisco Unified Mobility Advantage. Note that this will impact users. Configure system-level requirements in Cisco Unified Communications Manager.
Step 2
Creating CTI-Enabled Super User Accounts, page 3-3 Ensuring That the CTI Service Is Running, page 3-5 Configuring Standard AXL API Access to Retrieve User Information, page 3-5 Application Dialing Rules, page 3-6
If you are using Cisco Unified Communications Manager Release 5.x or later:
Recommended Directory Lookup Settings, page 3-7 Directory Lookup Settings, page A-8 Configuring Directory Lookup Rules in Cisco Unified Communications Manager, page 3-8 Requirements for Configuring Devices in Cisco Unified Communications Manager (For All Cisco Unified Communications Manager Features), page 3-19 Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19 Configuring User Accounts in Cisco Unified Communications Manager, page 3-20
Step 3
Make sure users and their devices are configured properly in Cisco Unified Communications Manager.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-2
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Call Log Monitoring
To
Step 4
See If this is a new installation, you will perform these procedures when you run the Configuration Wizard after installation. If this is an upgrade from Release 3.x, or you are changing your release of Cisco Unified Communications Manager for a running system:
After you install Cisco Unified Mobility Advantage, configure Cisco Unified Mobility Advantage to connect to Cisco Unified Communications Manager.
Viewing and Changing Enterprise Adapter Settings, page 10-4 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6 Server Settings, page A-7 Recommended Directory Lookup Settings, page 3-7 Directory Lookup Settings, page A-8 Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage, page 10-5
Step 5
If you are using Cisco Unified Communications Manager Release 4.x, configure directory lookup rules in Cisco Unified Mobility Advantage.
Step 6
If this is a new installation, you will perform this procedure when you run the Configuration Wizard after installation. If this is an upgrade from Release 3.x, or you are adding or changing this feature on a running system:
Step 7
Start Cisco Unified Mobility Advantage if you are reconfiguring a running system.
Related Topics
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage
Select User Management > End User. Select Add New. Add the primary phone (usually the desk phone, but not the mobile phone) for each Cisco Unified Mobile Communicator user to the Controlled Devices list in the Device Information section.
Tip
You can add one device now for testing purposes, then add the remainder of the devices later, when you are configuring Cisco Unified Communications Manager for each user and device.
Step 5
Assign the End User to the proper groups and roles: In Cisco Unified Communications Manager Release 4.x 5.1 6.0
Do This Select Enable CTI Application Use on the User Configuration window.
Assign the user to the Standard CTI Enabled group. Make sure user is assigned to the Standard CCM End Users group. From the End User Configuration window, select Allow Control of Device from CTI for this user. (This is the default.) Add the following Groups into the Permissions Information section:
Standard CTI Enabled Standard CCM End Users.
7.0
1.
2. 3.
Configure the remaining fields as needed for your deployment. They are not specifically used by Cisco Unified Mobility Advantage. Select Save. Note the user IDs and passwords for these accounts. You will need this information when:
you configure Cisco Unified Mobility Advantage. you add support for additional users.
Related Topics
Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-4
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Call Log Monitoring
Open the Cisco Unified Communications Manager Admin interface but do not sign in. Select Cisco Unified Serviceability from the list box in the upper right corner of the page. Select Go. Sign in with your platform credentials. Select Tools > Service Activation. Select the publisher server. Select Cisco CTIManager. Select Save. Restart Cisco Unified Mobility Advantage if it is running.
Sign in to the Cisco Unified Communications Manager Admin interface. Select User Management > Application User. Select Add New. Enter information for this application user. Add the Standard CCM Super Users Group into the Permissions Information section. Select Save. Verify that the Standard AXL API Access role appears. Configure the remaining fields as needed for your deployment. They are not specifically used by Cisco Unified Mobility Advantage. Select any item in the Permissions Information > Roles list, then select View Details.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-5
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage
Scroll to the bottom of the detailed Roles view, then select Add New. Select Cisco Call Manager AXL Database from the list and select Next. Enter a name and description for this new role. Select Allow to use API. Select Save. Note the user ID and password for this account.
What To Do Next
After you install Cisco Unified Mobility Advantage or upgrade from Release 3.x, enter this Application User ID and its associated password into the Server Settings page of the Enterprise Adapter configuration for Cisco Unified Communications Manager. For Release 7.0(2), enter the information into the Web Services Information section; for Release 7.0(1), enter the information into the "SOAP Information" section. See About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6.
Calls from desk phones to numbers outside the company in the same telephone area code must begin with 9. Calls from desk phones to numbers outside the company in a different telephone area code must begin with 91. Calls from desk phones to numbers outside the company and outside the country must begin with 9011, while international calls from mobile phones often begin with a +.
To allow users to dial from mobile devices without using these additional digits, define appropriate Application Dial Rules for your country or location. These dialing rules also apply to the mobile device phone numbers you specify when provisioning users.
Note
These dialing rules do not apply to alternate callback numbers that the user specifies in Cisco Unified Mobile Communicator. Users must enter alternate callback numbers in the format they would use if they were dialing from their desk phones. For information about configuring application dialing rules, see the online help in Cisco Unified Communications Manager. Work with your Cisco Unified Communications Manager administrator to configure these rules.
Note
Restart Cisco Unified Mobility Advantage if you make changes to a running system.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-6
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Call Log Monitoring
Numbers dialed from the primary desk phone of the user (For Cisco Unified Communications Manager 7.0 only) Numbers dialed from the mobile phone using the Dial-via-Office feature Numbers of corporate callers who call the primary office number of the user.
Include rules to accommodate all numbers that can successfully be connected, including numbers as users may dial them when roaming outside their home area code or country. For example, account for the following within the United States:
the extension only numbers within the home area code dialing from other area codes dialing from other country codes dialing prefixes such as:
011 and + (International direct dialing prefix - for dialing international numbers from the United
States)
1 (National direct dialing prefix - for dialing numbers in another area code in the United States) 8 or 9 (Dial out prefix - required for dialing numbers outside of many companies)
Create your rules so that only one rule can apply to each phone number, or order the rules so that the intended number matches before any other possible match. For example, list 54321 before 543 to ensure that 54321 does not match 543 instead of 54321. Configure separate rules for incoming and outgoing calls.
Tip
To help determine which Directory Lookup rules you will need, look at your Application Dial Rules in Cisco Unified Communications Manager. Examples of rules for outgoing calls:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-7
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage
Setting Number Begins With Number of Digits Total Digits To Be Removed Prefix With Pattern Result = Number in the directory
Number Dialed Number Dialed Number Dialed Is: Is: Is: 1111 5551111 95551111 4 555 5551111 5551111 No rule is needed. 9555 8 1 5551111
Number Dialed Number Dialed Is: Is: 4085551111 914085551111 408555 10 3 5551111 91408555 12 5 5551111
Cisco Unified Mobility Advantage tests each phone number against each rule in the order in which it appears. When Cisco Unified Mobility Advantage finds an applicable rule, it applies the rule to the phone number, searches the directory for the resulting number, retrieves any matching name, and includes the name in the call log in Cisco Unified Mobile Communicator. If no match is found, Cisco Unified Mobility Advantage looks to see if another rule applies. If no rules apply, Cisco Unified Mobility Advantage searches the directory for the unmodified number.
Related Topics
For Cisco Unified Communications Manager versions 5.x through 7.0, configure directory lookup rules in Cisco Unified Communications Manager using the procedure in this topic. For Cisco Unified CallManager release 4.x, configure the Directory Lookup Settings in Cisco Unified Mobility Advantage. See Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage, page 10-5.
Determine the directory lookup settings you need to add. See the following:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-8
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Dial Via Office
Recommended Directory Lookup Settings, page 3-7 Directory Lookup Settings, page A-8
For more information about configuring directory lookup rules in Cisco Unified Communications Manager, see the online help in Cisco Unified Communications Manager.
Procedure
Step 1 Step 2 Step 3 Step 4
Sign in to the Cisco Unified Communications Manager Admin interface. Choose Call Routing > Dial Rules > Directory Lookup Dial Rules. Select Add New. Enter specifics for the rule.
For rules to be applied to incoming calls to the mobile device, the Rule Name MUST begin with indir. For example, indir_international. For rules to be applied to outgoing calls from the mobile device, the Rule Name MUST begin with outdir. For example, outdir_internal.
Select Save. Repeat to create each rule. Select any rule name in the list Use the arrows to position each rule in order to ensure correct matching. Select Save. Restart Cisco Unified Mobility Advantage if it is running.
Configuring Dial Via Office, page 3-9 Configuring the Enterprise Feature Access Directory Number, page 3-11 Important Information About DTMF Access Codes, page 3-12 Device Pool Requirements, page 3-12
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-9
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage
Tip
Configuring this functionality is complex. Perform these procedures carefully to ensure that you do not omit or misconfigure anything.
Procedure
To
Step 1
See
If you are making changes to a running system, Stopping Cisco Unified Mobility Advantage, stop Cisco Unified Mobility Advantage. page 11-1 Note that this will impact users. Configure system-level requirements in Cisco Unified Communications Manager. If you configured Cisco Unified Communications Manager for call log monitoring, you have addressed the first two already.
Step 2
Creating CTI-Enabled Super User Accounts, page 3-3 Configuring Standard AXL API Access to Retrieve User Information, page 3-5 Configuring the Enterprise Feature Access Directory Number, page 3-11 Important Information About DTMF Access Codes, page 3-12 Device Pool Requirements, page 3-12 Requirements for Configuring Devices in Cisco Unified Communications Manager (For All Cisco Unified Communications Manager Features), page 3-19 Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19 Configuring User Accounts in Cisco Unified Communications Manager, page 3-20 Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21
Step 3
Configure each user and device in Cisco Unified Communications Manager. If you configured Cisco Unified Communications Manager for call log monitoring, you may have addressed the first three already.
Step 4
After you install Cisco Unified Mobility Advantage, configure Cisco Unified Mobility Advantage to connect to Cisco Unified Communications Manager.
If this is a new installation, you will perform these procedures when you run the Configuration Wizard after installation. If this is an upgrade from Release 3.x, or you are changing your Cisco Unified Communications Manager release with a running system:
Viewing and Changing Enterprise Adapter Settings, page 10-4 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-10
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Dial Via Office
To
Step 5
See If this is a new installation, you will perform these procedures when you run the Configuration Wizard after installation. If this is an upgrade from Release 3.x, or you are adding or changing this feature on a running system:
Enable the Dial via Office feature in Cisco Unified Mobility Advantage.
Step 6
Start Cisco Unified Mobility Advantage if you are reconfiguring a running system.
Related Topics
How to Solve Problems With the Dial Via Office Feature, page 19-10
Sign in to the Cisco Unified Communications Manager Admin interface. Select Call Routing > Mobility Configuration. Enter values for the following fields:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-11
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage
Description This value is required in order to create an Enterprise Feature Access partition; if you do not otherwise require a Handoff Number, enter a dummy internal unused DN that is associated with a valid partition. This value is required in order to create an Enterprise Feature Access partition. This partition should be present in the Remote Destination inbound Calling Search Space, which points either to the inbound Calling Search Space of the Gateway or Trunk or to the Remote Destination Calling Search Space.
Enterprise Feature Access Directory Number Enterprise Feature Access Directory Number Partition
Enter the Direct Inward Dial (DID) number that is required for enterprise feature access. This number must be unique. This partition should be present in the Remote Destination inbound Calling Search Space, which points either to the inbound Calling Search Space of the Gateway or Trunk or to the Remote Destination Calling Search Space.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-12
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage Configuring Prerequisites for Transfer of Active Calls Between Phones
If you will specify a primary and a backup Cisco Unified Communications Manager server in Cisco Unified Mobility Advantage, list the servers in that order (first primary, then secondary) in the Cisco Unified Communications Manager group associated with this device pool. For information about Device Pools, see the Cisco Unified Communications Manager documentation.
Related Topics
Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21
Sign in to the Cisco Unified Communications Manager Admin interface. Select Device > Device Settings > Softkey Template. Create a new template or modify an existing template. Select Configure Softkey Layout from the Related Links menu in the upper right corner of the window. Select Go. Select Connected for Select a call state to configure. Add Mobility to the selected Softkeys. Select Save.
Related Topics
Adding the Softkey Template to the Primary Desk Phone of Each User, page 3-21
How to Configure Server Security for Connections with Cisco Unified Communications Manager
Server security features are available only with Cisco Unified Communications Manager Release 7.0(1) Service Update 1 or later. Secure connections between internal servers are not required by default for Cisco Unified Mobility Advantage to operate. However, your Cisco Unified Communications Manager configuration and your corporate security policies may require a secure connection between Cisco Unified Mobility Advantage and Cisco Unified Communications Manager.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-13
Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Server Security for Connections with Cisco Unified Communications Manager
Configuring Secure Connections with Cisco Unified Communications Manager, page 3-14 Cisco Unified Mobility Advantage Server Security Profile, page 3-15 Obtaining a Certificate from Cisco Unified Communications Manager, page 3-16 Importing Certificates into Cisco Unified Operating System Servers, page 3-16
If you want to familiarize yourself with server security concepts for Cisco Unified Mobility Advantage, see Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage. Determine whether this procedure fits into your Cisco Unified Communications Manager security plan. Security configuration in Cisco Unified Communications Manager is quite complex. See the Cisco Unified Communications Manager Security Guide for complete information. We recommend that you verify that the Dial via Office, MobileConnect, and call log monitoring features function properly before you configure server security.
Procedure
Do This
Step 1
If you are making changes to a running system, stop Stopping Cisco Unified Mobility Advantage, Cisco Unified Mobility Advantage. page 11-1 Note that this will impact users. In Cisco Unified Mobility Advantage, create a Creating Security Contexts, page 9-7 Security Context that specifies Trusted Certificates for the Trust Policy. You can use this Security Context for all enterprise servers that have the same security requirements. If you will follow the instructions for the Configuration Wizard you can use the cuma Security Context.
Step 2
Step 3 Step 4
Stop Cisco Unified Mobility Advantage if it is running. In the Enterprise Adapter for Cisco Unified Communications Manager, select TLS as the Transport Type, then specify the Security Context that you created in an earlier step in this table.
Viewing and Changing Enterprise Adapter Settings, page 10-4 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6
Step 5
In Cisco Unified Communications Manager, require Cisco Unified Mobility Advantage Server Security Profile, page 3-15 secure communications.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-14
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Server Security for Connections with Cisco Unified Communications Manager
Do This
Step 6 Step 7 Step 8 Step 9 Step 10
For Instructions, See Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11 Importing Certificates into Cisco Unified Operating System Servers, page 3-16 Obtaining a Certificate from Cisco Unified Communications Manager, page 3-16 Importing Self-Signed Certificates from Trusted Servers, page 9-10
Download a self-signed certificate from Cisco Unified Mobility Advantage. Import this certificate to the trust store of Cisco Unified Communications Manager. Generate a certificate from Cisco Unified Communications Manager. Import this certificate to the trust store of Cisco Unified Mobility Advantage. If you configure a backup Cisco Unified Communications Manager server, repeat this procedure for the backup server. Start Cisco Unified Mobility Advantage if you are reconfiguring a running system.
Step 11
You can associate only one Cisco Unified Mobility Advantage server with each Cisco Unified Communications Manager cluster. If you allow a TCP (non-secure) connection, you are not limited to a single Cisco Unified Mobility Advantage per Cisco Unified Communications Manager server. When you configure a Security Context in Cisco Unified Mobility Advantage for the Cisco Unified Communications Manager enterprise adapter, the connection type must be the same as the connection type you specify in Cisco Unified Communications Manager. If you require authenticated or encrypted connections, you must provide the required certificate to Cisco Unified Communications Manager. The X.509 value you need to supply is generally the hostname of the Cisco Unified Mobility Advantage server.
Related Topics
Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-15
Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Server Security for Connections with Cisco Unified Communications Manager
Create a Security Context in Cisco Unified Mobility Advantage and set the Trust Policy to Trusted Certificates. See Creating Security Contexts, page 9-7. Assign that Security Context to the Enterprise Adapter for Cisco Unified Communications Manager. See Viewing and Changing Enterprise Adapter Settings, page 10-4.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12
Open the Cisco Unified Communications Manager Admin interface but do not sign in. Select Cisco Unified OS Administration from the list box in the upper right corner of the page. Sign in using the platform administration credentials for the Cisco Unified Communications Manager server. Select Security > Certificate Management. Select Find to display all certificates. Select CallManager.pem. Select Download. Save the .cer file to your desktop. Return to the list of certificates. Select tomcat.pem. Select Download. Save the .cer file to your desktop.
What To Do Next
Continue with remaining procedures in How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13. Continue with other procedures in this chapter for deploying Cisco Unified Communications Manager with Cisco Unified Mobility Advantage.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-16
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Server Security for Connections with Cisco Unified Communications Manager
Determine whether the server requires a certificate from Cisco Unified Mobility Advantage. For Cisco Unified Communications Manager, see Cisco Unified Mobility Advantage Server Security Profile. For other servers, see the documentation for those servers. By default, a certificate is not required. Obtain a certificate from Cisco Unified Mobility Advantage. See Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7
Open the Admin interface of the server in a browser window. Select Cisco Unified OS Administration in the top right corner of the window. Select Go. Sign in. Select Security > Certificate Management Select Upload Certificate. Enter information: Item Certificate Name Description For the Cisco Unified Communications Manager server: Select CallManager-trust from the list. For the Cisco Unified Presence server: Select sipproxy-trust from the list. For Cisco Unity Connection: Select tomcat-trust from the list. Root Certificate Description Enter a name for the Cisco Unified Mobility Advantage certificate. Enter a description.
Step 8
Select Browse and select the certificate file from Cisco Unified Mobility Advantage. For example, if you generated a self-signed certificate, locate the .cer file you saved. Select Upload File. Restart the service:
a. b. c. d. e.
Step 9 Step 10
Select Cisco Unified Serviceability from the list box in the top right corner of the window. Select Go. Sign in using your platform administrator credentials. Select Tools > Service Activation. For Cisco Unified Communications Manager: Restart the CiscoCallManager service. For Cisco Unified Presence: Restart the Presence Engine Service and the Proxy Service.
f.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-17
Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage Backup Cisco Unified Communications Manager Server Configuration
g.
For Cisco Unity Connection: Restart the Connection IMAP Server and Connection SMTP Server services.
Step 11
What To Do Next
For Cisco Unified Communications Manager, see How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13. For Cisco Unified Presence, see How To Configure Server Security for Cisco Unified Presence, page 4-3. For Cisco Unity Connection, see Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5.
Creating CTI-Enabled Super User Accounts, page 3-3 Configuring Standard AXL API Access to Retrieve User Information, page 3-5 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6 Stopping Cisco Unified Mobility Advantage, page 11-1 Starting Cisco Unified Mobility Advantage, page 11-1
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-18
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Cisco Unified Communications Manager for Each User and Device
How to Configure Cisco Unified Communications Manager for Each User and Device
Provision each user in Cisco Unified Communications Manager.
Requirements for Configuring Devices in Cisco Unified Communications Manager (For All Cisco Unified Communications Manager Features), page 3-19 Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19 Configuring User Accounts in Cisco Unified Communications Manager, page 3-20 Adding the Softkey Template to the Primary Desk Phone of Each User, page 3-21 Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21 Configuring a Presence Account for Each User in Cisco Unified Communications Manager, page 3-24
Requirements for Configuring Devices in Cisco Unified Communications Manager (For All Cisco Unified Communications Manager Features)
Each user must already have a functioning account with a primary desk phone number configured in Cisco Unified Communications Manager. These instructions assume the Primary Extension is the desk phone directory number. Make sure the Owner User ID is configured for the desk phone. You have configured all applicable system-level requirements in Cisco Unified Communications Manager documented earlier in this chapter. If you are using Cisco Unified Communications Manager Release 7.x and users of the Release 3.x client for Nokia Symbian phones will use the same mobile phone number after they migrate to Release 7.x of the client, you must delete their existing Remote Destination profile before you configure the user and device in Cisco Unified Communications Manager following instructions in this section.
Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User
This topic applies to all deployments. Add the primary phone (usually the desk phone, but not the mobile phone) of each Cisco Unified Mobile Communicator user to the Device Information section of one of the CTI-enabled super users that you created above.
Before You Begin
You will need the usernames of the super user accounts you created in Creating CTI-Enabled Super User Accounts, page 3-3.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-19
Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Cisco Unified Communications Manager for Each User and Device
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
Sign in to the Cisco Unified Communications Manager Admin interface. Select User Management > End User. Select Find. Select the appropriate End User in the list. Scroll to the Device Information section. Double-click the desk phone device (not the mobile phone) in the Available Devices list. The phone will move to the Controlled Devices list. Repeat for each device to add. Select Save. Restart Cisco Unified Mobility Advantage if it is running.
Troubleshooting Tip
If you do not see the phone in the Available Devices list, select Find More Phones. See the online help for Cisco Unified Communications Manager for more information.
Sign in to the Cisco Unified Communications Manager Admin interface. Select User Management > End User. Find the user to configure. Select Allow Control of Device from CTI. Set the Primary Extension in the Directory Number Association to the directory number of the primary line, usually the desk phone. (For Cisco Unified Communications Manager Releases 6.x and 7.0) Select Enable Mobility. Assign the user to the proper groups and roles: Add the following into the Permissions Information section:
Groups:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-20
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Cisco Unified Communications Manager for Each User and Device
Roles:
Standard CTI Enabled, Standard CCMUSER Administration Standard CCM End Users.
Step 8
Select Save.
Adding the Softkey Template to the Primary Desk Phone of Each User
This feature is only available with Cisco Unified Communications Manager Releases 6.x and 7.0. This procedure allows users to transfer active calls between their desk phones and their mobile phones.
Before You Begin
Complete the procedure in Configuring Prerequisites for Transfer of Active Calls Between Phones, page 3-13. If you have configured a common device configuration that is assigned to the desk phones of all of your mobile users, modify that common device configuration instead of each individual phone as described in this procedure.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
Sign in to the Cisco Unified Communications Manager Admin interface. Navigate to the page associated with the primary desk phone of a Cisco Unified Mobile Communicator user. Look for the Softkey Template field. Select the softkey template you created for transferring active calls between phones. Select Save. Repeat this procedure for each Cisco Unified Mobile Communicator user.
Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager
This procedure applies to Cisco Unified Communications Manager Release 7.0(1) Service Update 1 only. For Cisco Unified Communications Manager Release 6.x, follow the instructions in the Cisco Unified Communications Manager documentation for configuring Remote Destinations and enabling the MobileConnect feature.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-21
Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Cisco Unified Communications Manager for Each User and Device
You have addressed all requirements and completed all configurations previously described in this chapter. The MobileConnect feature (formerly known as Single Number Reach) must be working independently of Cisco Unified Mobility Advantage. If the phone number that you will use for the Cisco Unified Mobile Communicator device is already configured in Cisco Unified Communications Manager as a Remote Destination, delete the Remote Destination for that number before you perform this procedure. Familiarize yourself with the Device Pool Requirements, page 3-12.
Procedure
Step 1 Step 2
Sign in to the Cisco Unified Communications Manager Admin interface. Add the mobile phone:
a. b. c. d. e.
Select Device > Phone. Select Add New. Select Cisco Unified Mobile Communicator as the Phone Type. Select Next. Enter values: Description Descriptive name (up to 15 characters) If you created a dedicated Device Pool when you reviewed the device pool requirements, choose that Device Pool. If you did not create a dedicated Device Pool, specify a Device Pool that includes in the Cisco Unified Communications Manager Group the Cisco Unified Communications Manager server that you will specify later in Cisco Unified Mobility Advantage (in the Enterprise Adapter for Cisco Unified Communications Manager).
Phone Button Template Select Standard Cisco Unified Mobile Communicator. Calling Search Space This Calling Search Space must include the set of destination numbers that you want to allow users to use with the Dial-via-Office feature. This is typically the same Calling Search Space associated with the Desk Phone, assuming you want the same calling privileges to apply to both devices. The User ID of the user. The User ID of the user.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-22
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Cisco Unified Communications Manager for Each User and Device
Option
Description
Reroute Calling Search Ensure that the Rerouting Calling Search Space in the Cisco Unified Mobile Communicator device configuration includes both of the following: Space
The partition of the desk phone extension of the user (This requirement is used by the system to provide the Dial via Office feature, not for routing calls.)
The route to the mobile identity (i.e., the Gateway/Trunk partition) must have a higher preference than the partitions of the enterprise extension of the Cisco Unified Mobile Communicator device. Note that Cisco Unified Mobile Communicator allows users to specify an alternate callback number besides the mobile identity, and the Rerouting Calling Search Space controls which alternate callback numbers are reachable. All others Accept the defaults, or follow your company conventions or instructions in the online help.
f. Step 3
Select Save. Select Line [1] - Add a New DN. Enter the Directory Number of the primary desk phone. Enter the Route Partition, if applicable. Press Tab. The remaining fields on the page will automatically populate. Select Save. Scroll to the Associated Devices list. Select the Cisco Unified Mobile Communicator device. Select Edit Device. Scroll down and select Add New Mobile Identity. Enter values:
Associate the mobile phone with the primary desk phone number of the user.
a. b. c. d.
e. Step 4
Step 5
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-23
Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Cisco Unified Communications Manager for Each User and Device
Description The mobile phone number, without any digits prefixed (for example, no dial-out prefix). This value must exactly match the phone number you enter for this user in the Cisco Unified Mobility Advantage Admin portal. This number must be unique among Cisco Unified Mobile Communicator devices and Remote Destinations. This is the default number that the Dial-via-Office feature will call.
Select this box. Depend on settings in your company. Accept the defaults, or follow your company conventions or instructions in the online help.
c.
Select Save.
Note
Add any additional remote destinations by using the Remote Destination Profile of the user (Device Settings > Remote Destination Profile), not on this page.
Step 6
For the device that represents the primary line of the user (usually the desk phone), verify Caller ID information (Name or phone number) for the following fields, as desired:
Display (Internal Caller ID) ASCII Display (Internal Caller ID) External Phone Number Mask
b. c. Step 7
Select the boxes for the Caller ID values to enable for shared device (these include Cisco Unified Mobile Communicator). Select Propagate Selected.
Configure any other information that is required or desired for all devices at your organization.
What To Do Next
See Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19.
Configuring a Presence Account for Each User in Cisco Unified Communications Manager
If you will integrate the presence feature in Cisco Unified Mobile Communicator, configure a Cisco Unified Presence account for each user in Cisco Unified Communications Manager.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-24
Chapter 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Cisco Unified Communications Manager for Each User and Device
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
Sign in to the Cisco Unified Communications Manager Admin interface. Select Device > Phone. Select Add New. Select Cisco Unified Personal Communicator as Phone Type. Select Next. Enter the device information. Option Device Name Owner User ID Description UPC+uppercase <USERID> Select the User ID of the user.
Step 7 Step 8
Select Save. Associate the mobile phone with the primary desk phone number of the user.
a. b. c. d.
Select Line [1] - Add a New DN. Enter the Directory Number of the primary desk phone. Enter the Route Partition, if applicable. Press Tab. The remaining fields on the page will automatically populate. Select Save. Select System > Licensing > Capabilities Assignment. Find the user. Select Enable CUP. Select Enable CUPC. Select Save.
e. Step 9
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-25
Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Cisco Unified Communications Manager for Each User and Device
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
3-26
CH A P T E R
Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage
Revised Date: April 17, 2009
If you will integrate Cisco Unified Presence with Cisco Unified Mobility Advantage to allow users to exchange availability status, perform the procedures in this chapter. For limitations related to presence integration, see the Release Notes for Cisco Unified Mobility Advantage Release 7.0(1) and 7.0(2) at http://www.cisco.com/en/US/products/ps7270/prod_release_notes_list.html.
Presence and Cisco Unified Mobile Communicator, page 4-1 Configuring Essential Settings for Presence Integration, page 4-1 How To Configure Server Security for Cisco Unified Presence, page 4-3 Configuring Additional Settings for Presence Integration, page 4-5
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
4-1
Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage
Restrictions
The Proxy domain of the Cisco Unified Presence server should be the same as the domain of the Cisco Unified Mobility Advantage server. All users on the Cisco Unified Mobility Advantage server must be configured on a single Cisco Unified Presence server. However, those users can see the presence of users on other Cisco Unified Presence servers in the same cluster.
Make sure that you have configured Cisco Unified Presence to support all of the functionality that is not specific to Cisco Unified Mobile Communicator but that users will also use in Cisco Unified Mobile Communicator. For example, if availability status will be drawn from the Exchange calendar of each user, follow the instructions in the Integration Note for Configuring Cisco Unified Presence Release 7.0 with Microsoft Exchange. Your Cisco Unified Presence deployment and all users must already be configured and functioning properly. For complete information about configuring Cisco Unified Presence, see the documentation for that product, at http://cisco.com/en/US/products/ps6837/tsd_products_support_series_home.html.
Procedure
Step 1 Step 2 Step 3 Step 4
Sign in to the Cisco Unified Presence Administration Admin Portal. Select User Management > Application User. Select Add New. Enter the Application User Information in the appropriate fields. This must be a unique account assigned for exclusive use by a single Cisco Unified Mobility Advantage server.
Select Standard Presence Group for the Presence Group. Add the group Admin-CUMA in the Groups field under Permissions Information. Select Save. Select System > Security > Incoming ACL to set the Access Control List. Select Add New. Enter a description. Enter the IP address of the Cisco Unified Mobility Advantage server in the Address Pattern field. Select Save.
What To Do Next
If you have a backup Cisco Unified Presence server that you will specify in Cisco Unified Mobility Advantage, configure an identical Application User account on that server. If you will use a secure connection between Cisco Unified Mobility Advantage and Cisco Unified Presence, you will need to configure security on both servers. See How To Configure Server Security for Cisco Unified Presence, page 4-3.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
4-2
Chapter 4
Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage How To Configure Server Security for Cisco Unified Presence
If you will integrate with Cisco MeetingPlace or Cisco MeetingPlace Express, make sure that you have enabled Outlook integration in Cisco Unified Presence. See the documentation for Cisco Unified Presence, for example the Integration Note for Configuring Cisco Unified Presence Release 7.0 with Microsoft Exchange at http://www.cisco.com/en/US/docs/voice_ip_comm/cups/7_0/english/integration_notes/ExchInt.ht ml.
Configuring Server Security for Cisco Unified Presence, page 4-3 Downloading Certificates from Cisco Unified Presence, page 4-4 Configuring the TLS Context on Cisco Unified Presence, page 4-4
Do This
Step 1
In Cisco Unified Mobility Advantage, create a Creating Security Contexts, page 9-7. Security Context that specifies Trusted Certificates for the Trust Policy. You can use this Security Context for all enterprise servers that have the same security requirements. If you will follow the instructions for the Configuration Wizard you can use the cuma Security Context.
Step 2
In the Enterprise Adapter for Cisco Unified Presence, select TLS as the Transport Type, then specify the Security Context that you created in an earlier step in this table. In Cisco Unified Presence, require secure communications.
Viewing and Changing Enterprise Adapter Settings, page 10-4. About Cisco Unified Presence Enterprise Adapter Settings, page A-10
Generate a self-signed certificate from Cisco Unified Downloading Self-Signed Certificates from Mobility Advantage. Cisco Unified Mobility Advantage, page 9-11. Import this certificate to the trust store of the Cisco Unified Presence server. Importing Certificates into Cisco Unified Operating System Servers, page 3-16.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
4-3
Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage
Do This
Step 6 Step 7
For Instructions, See Downloading Certificates from Cisco Unified Presence, page 4-4 Importing Self-Signed Certificates from Trusted Servers, page 9-10
Generate a certificate from Cisco Unified Presence. Import this certificate to the trust store of Cisco Unified Mobility Advantage.
Sign in to Cisco Unified Operating System Administration on the Cisco Unified Presence server. Select Security > Certificate Management. Select Find to display the list of certificates. Select sipproxy.pem. Select Download and save the file to your local computer. Return to the list of certificates, Select tomcat.pem. Select Download and save the file to your local computer. Return to the list of certificates, Select PresenceEngine.pem. Select Download and save the file to your local computer.
What To Do Next
Perform remaining required steps in How To Configure Server Security for Cisco Unified Presence, page 4-3.
Upload the certificate from Cisco Unified Mobility Advantage to the Cisco Unified Presence server. See Importing Certificates into Cisco Unified Operating System Servers, page 3-16.
Procedure
Step 1
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
4-4
Chapter 4
Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage Configuring Additional Settings for Presence Integration
Select System > Security > TLS Context Configuration. Select Find. Select Default_Cisco_UPS_SIP_Proxy_Peer_Auth_TLS_Context. Select the Cisco Unified Mobility Advantage certificate in the list of available TLS peer subjects. Move this TLS peer subject to Selected TLS Peer Subjects. Select Save. Select Cisco Unified Presence Serviceability > Tools > Service Activation. Restart the Cisco Unified Presence SIP Proxy service.
What To Do Next
Perform remaining required steps in How To Configure Server Security for Cisco Unified Presence, page 4-3.
To
Step 1
Do This
Configure an enterprise adapter for Cisco Unified For new installations: Presence You will configure this adapter while running the Configuration Wizard. See Configuring the Connection to Cisco Unified Presence, page 7-19. For upgrades from Release 3.x or for existing deployments: See Chapter 10, Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage and About Cisco Unified Presence Enterprise Adapter Settings, page A-10.
Step 2
For new installations: You will configure this while running the Configuration Wizard. For upgrades from Release 3.x or for existing deployments: See Enabling Exchange of Presence, page 12-5.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
4-5
Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage
To
Step 3
Do This See Configuring a Presence Account for Each User in Cisco Unified Communications Manager, page 3-24 See Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6. Pay special attention to the Before You Begin section.
Create a presence account for each user in Cisco Unified Communications Manager Allow presence display to reflect user meeting schedules
Step 4
Related Topics
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
4-6
CH A P T E R
Upgrade Sequence, page 5-1 How to Upgrade Release 3.0.4 to Release 3.0.9, page 5-1 How to Upgrade Release 3.0.9 to Release 3.1.2, page 5-4 How to Upgrade Release 3.1.2 to Release 7.0(1), page 5-7 Upgrading from Release 7.0(1) to Release 7.0(2), page 5-19
Upgrade Sequence
Each release upgrades only from the release that immediately preceded it. If you are upgrading from a release that did not immediately precede the release you are installing, you must sequentially upgrade each release. Follow the instructions in each applicable section of this chapter.
Completing Preinstallation Steps Installing the Server Applying Changes Completing the Upgrade
Sign in as root on the machine on which Cisco Unified Mobility Advantage Server is installed. Open a command terminal.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-1
Step 3
Sign in as an "informix" user and create a backup directory for the database export: su - informix mkdir /tmp/cumabk
Step 4
As root, stop the Cisco Unified Mobility Advantage Servers (Proxy Server, Enterprise Server, Node Manager Server, and Managed Server): /sbin/service cuma_proxy stop /sbin/service cuma_cuma stop /sbin/service cuma_nm stop /sbin/service cuma_admin stop
Step 5
Back up the configuration files located under $CUMAROOT/conf/admin/ directory. The default $CUMAROOT is /opt/cuma. The following examples use /opt/cuma, Replace /opt/cuma with your install directory. cd /opt/cuma/conf cp -R admin /tmp/cumabk/
Step 6
Back up the database startup script file /etc/init.d/cuma_db: cp /etc/init.d/cuma_db /tmp/cumabk/ Stop the Cisco Unified Mobility Advantage Servers and take an export dump of the database by executing the following commands as an "informix" user on the server where the database is installed: su - informix export INFORMIXDIR=/opt/cuma/informix export INFORMIXSERVER=mcs export PATH=$PATH:/opt/cuma/informix/bin cd $INFORMIXDIR/bin dbexport cumcsdb -ss -o /tmp/cumabk
Step 7
Step 8
Back up the orative.keystore file on the Managed Server to a temporary location: cp /opt/cuma/conf/orative.keystore /tmp/cumabk/
Sign in as root and uninstall the Cisco Unified Mobility Advantage Server Release 3.0.4 without uninstalling the underlying database by invoking the uninstaller program using the following command: /opt/cuma/Uninstall/uninstall -DIDS=false -i silent As root, install the Cisco Unified Mobility Advantage Server Release 3.0.9 without reinstalling the database:
Step 2
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-2
Chapter 5
Upgrading Cisco Unified Mobility Advantage How to Upgrade Release 3.0.4 to Release 3.0.9
Caution
You must be running an X-client if you are installing remotely. If you need an X-client, use WRQ Reflection. cd $cd_image_root/Disk1 (the default location is: cd /media/cdrom/Disk1) ./install.bin -DIDS=false
Step 3
Restore the backed up configuration files to the new installation location: cd /tmp/cumabk cp -R admin /opt/cuma/conf/ Enter Yes for all the overwrite prompts cp orative.keystore /opt/cuma/conf cp cuma_db /etc/init.d/
Step 4
Register the database so that it starts automatically, and then restart the database if it has not already been started: /sbin/chkconfig --add cuma_db /sbin/service cuma_db start
Applying Changes
Procedure
Step 1
Copy the jtapi jar file that corresponds to the version of Cisco Unified Communications Manager installed in your system to the lib directory on the Managed Server. The following example is for Cisco Unified Communications Manager version 6.0: cp /opt/cuma/var/jtapi/6/cisco_jtapi-6.jar /opt/cuma/jboss-4.0.1sp1/server/cuma/lib/ Start the Cisco Unified Mobility Advantage Admin Server and Node Manager Server: /sbin/service cuma_admin start /sbin/service cuma_nm start
Step 2
Sign in to the Cisco Unified Mobility Advantage Admin Portal. For example, http://mycompany.com:7080/adminportal. Upload the orative.keystore file that you backed up earlier to the server. You may need to download this file to your PC first before uploading it to the server.
Step 2
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-3
Upload the Cisco Unified Mobile Communicator .oar files in the Admin Portal. This must be done even if there are no new .oar files. Start the Managed Server. Uninstall Cisco Unified Mobility Advantage Release 3.0.4 from the Proxy Server, and then install Release 3.0.9. Use the old SSL keystore file and ports that you originally used for the Proxy Server installation. Make sure the Managed Server is running, and then start the Proxy Server.
Step 6
Completing Preinstallation Steps Installing the Server Applying Changes Completing Upgrade Tasks
Before you begin the upgrade, make sure that you have up-to-date port configuration information for the Cisco Unified Mobility Advantage Server and the Cisco Unified Mobility Advantage Proxy Server. Sign in as root on the machine where the Proxy Server is installed. Open a command terminal. As root, stop the Proxy Server: /sbin/service cuma_proxy stop Sign in as root on the machine where the Cisco Unified Mobility Advantage Server is installed. Open a command terminal. Sign in as an "informix" user and create a backup directory for the database export: su - informix mkdir /tmp/cumabk exit
Step 8
As root, stop the Cisco Unified Mobility Advantage Server, Node Manager Server, and Managed Server: /sbin/service cuma_cuma stop /sbin/service cuma_nm stop /sbin/service cuma_admin stop
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-4
Chapter 5
Upgrading Cisco Unified Mobility Advantage How to Upgrade Release 3.0.9 to Release 3.1.2
Step 9
Back up the configuration files located under $CUMAROOT/conf/admin/ directory. The default $CUMAROOT is /opt/cuma. The following examples use /opt/cuma. Replace /opt/cuma with your install directory. cd /opt/cuma/conf cp -R admin /tmp/cumabk/
Step 10
Back up the database startup script file /etc/init.d/cuma_db: cp /etc/init.d/cuma_db /tmp/cumabk/ Stop the Cisco Unified Mobility Advantage Servers and take an export dump of the database by executing the following commands as an "informix" user on the server where the database is installed: su - informix export INFORMIXDIR=/opt/cuma/informix export INFORMIXSERVER=mcs export PATH=$PATH:/opt/cuma/informix/bin cd $INFORMIXDIR/bin dbexport cumcsdb -ss -o /tmp/cumabk
Step 11
Step 12
Back up the orative.keystore file on the Managed Server to a temporary location: cp /opt/cuma/conf/orative.keystore /tmp/cumabk/ Back up the .WAR files: cp /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/blackberry-admin.war /tmp/cumabk cp /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/symbian-admin.war /tmp/cumabk cp /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/blackberry-user.war /tmp/cumabk cp /opt/cuma/jboss-4.0.1sp1/server/cuma/deploy/blackberry-user.war /tmp/cumabk cp /opt/cuma/jboss-4.0.1sp1/server/cuma/deploy/symbian-user.war /tmp/cumabk
Step 13
Sign in as root and uninstall the Cisco Unified Mobility Advantage Server Release 3.0.9 without uninstalling the underlying database by invoking the uninstaller program using this command: /opt/cuma/Uninstall/uninstall -DIDS=false -i silent As root, install the Cisco Unified Mobility Advantage Server Release 3.1.2 without reinstalling the database:
Step 2
Caution
You must be running an X-client if you are installing remotely. If you need an X-client, use WRQ Reflection. cd $cd_image_root/Disk1 (the default location is: cd /media/cdrom/Disk1) ./install.bin -DIDS=false
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-5
Step 3
Restore the backed up configuration files to the new installation location: cd /tmp/cumabk cp -R admin /opt/cuma/conf/ Enter Yes for all the overwrite prompts cp orative.keystore /opt/cuma/conf cp cuma_db /etc/init.d/
Step 4
Restore the backed up .WAR files: cp /tmp/cumabk/blackberry-admin.war /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/ cp /tmp/cumabk/symbian-admin.war /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/ cp /tmp/cumabk/blackberry-user.war /opt/cuma/jboss-4.0.1sp1/server/cuma/deploy/ cp /tmp/cumabk/symbian-user.war /opt/cuma/jboss-4.0.1sp1/server/cuma/deploy/
Step 5
Register the database so that it starts automatically, and then restart the database if it has not already been started: /sbin/chkconfig --add cuma_db /sbin/service cuma_db start
Applying Changes
Procedure
Step 1 Step 2
Sign in as a root user on the server that is running Cisco Unified Mobility Advantage. Open a command terminal and edit the following file using the vi editor: vi /opt/cuma/conf/admin/admin.xml Change the value of node <vm_system_email_pattern> in <voicemail_from_email_filter> for <!-- Cisco Settings --> to: .*?(UNITY|unity|VPIM|vpim) .* Add node after <move_on_delete>true</move_on_delete> in <voicemail_from_email_filter> for <!-- Cisco Settings -->: <voice_introduction>introduction</voice_introduction> Open a command terminal and edit the following file using the vi editor: vi /opt/cuma/conf/admin/managed_server.xml Change the value of node <vm_system_email_pattern> in <voicemail_from_email_filter> for <!-- Cisco Settings --> to: .*?(UNITY|unity|VPIM|vpim) .* --Add node after <move_on_delete>true</move_on_delete> in <voicemail_from_email_filter> for <!-- Cisco Settings -->: <voice_introduction>introduction</voice_introduction> Start the Cisco Unified Mobility Advantage Admin Server and Node Manager Server.
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-6
Chapter 5
Upgrading Cisco Unified Mobility Advantage How to Upgrade Release 3.1.2 to Release 7.0(1)
Sign in to the Cisco Unified Mobility Advantage Admin Portal. For example, http://mycompany.com:7080/adminportal. Upload the orative.keystore file that you backed up earlier to the server. You may need to download this file to your PC first before uploading it to the server. Upload the Cisco Unified Mobile Communicator .oar files in the Admin Portal. This must be done even if there are no new .oar files. Go to Enterprise Adapters and select Edit for the Cisco Unified Communications Manager adapter. Make sure the Cisco Unified Communications Manager version is set properly. Select Submit on the Cisco Unified Communications Manager adapter page whether or not you make any changes. Start the Managed Server. Uninstall Cisco Unified Mobility Advantage Release 3.0.9 from the Proxy Server, and then install Release 3.1.2. Use the old SSL keystore file and ports that you originally used for the Proxy Server installation. Make sure the Managed Server is running, and then start the Proxy Server.
Step 9
How to Prepare To Upgrade, page 5-7 How to Configure Release 7.x to Run with Release 3.x Functionality After Upgrade, page 5-10 Adding New Functionality, Client Software, and Users After Upgrade, page 5-16
Preinstallation Tasks, page 5-8 Saving the SSL Certificate from the Proxy Server, page 5-8 Creating a Backup File of Your Release 3.1.2 Data, page 5-9
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-7
Preinstallation Tasks
Perform these tasks even if you will upgrade to Release 7.0(2).
Caution
We recommend that you install Cisco Unified Mobility Advantage Release 7.0(1) on a new server. Installing Release 7.0(1) formats the hard drive.
Procedures
Task Obtain necessary firewall ports from your IT security department. Port requirements have changed for Cisco Unified Mobility Advantage Release 7.x. If you will reuse the signed certificate from your Proxy Server on the Cisco Adaptive Security Appliance: Perform the first procedure required to reuse the signed certificate from your Release 3.1.2 Proxy Server on the Cisco Adaptive Security Appliance. You will complete the processes required to reuse the certificate after you install Release 7.0(1).
Saving the SSL Certificate from the Proxy Server, page 5-8
If you cannot reuse the signed certificate from (For New Installations) How to Obtain and Import your Proxy Server on the Cisco Adaptive Security the Cisco Adaptive Security Appliance-to-Client Appliance: Certificate, page 2-10. Obtain a new certificate for the Cisco Adaptive Security Appliance. Create a backup file of Release 3.1.2. Creating a Backup File of Your Release 3.1.2 Data, page 5-9
Notify users that existing voicemail notifications will no longer appear on their mobile devices after you install the upgrade. However, the messages are still available from Microsoft Exchange or Outlook, and from the Telephone User Interface (TUI).
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-8
Chapter 5
Upgrading Cisco Unified Mobility Advantage How to Upgrade Release 3.1.2 to Release 7.0(1)
Restrictions
The hostname of the Cisco Unified Mobility Advantage server in Release 7.0(1) must be the same as the hostname of the Managed Server in Release 3.1.2 (and the same as the hostname on the certificate.) You must know your certificate password. For security reasons, it is not possible to discover this password from Cisco Unified Mobility Advantage. If you do not know this password, you may be able to obtain a replacement certificate from the Certificate Authority; visit their web site to learn your options.
If your situation does not meet the restrictions above, skip the rest of this section and follow the instructions in (For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-10.
Procedure
Step 1
Note the password for the certificate on your Proxy Server. Certificate From Proxy Server Your Password
Step 2
Locate the keystore file on the Proxy Server. The file is located in: /opt/cuma/conf/orative.keystore Copy the keystore file from the Proxy Server to a safe location.
Step 3
What To Do Next
Uploading the Proxy Server Certificate to Release 7.x, page 5-13 Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14 (For Upgrades from Release 3.x) Importing the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8
We recommend storing your backup on an SFTP server, but you can also use an FTP server or a tape backup system. Make sure the volume can accommodate the backup file, which will be 600-700 MB.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-9
Procedure
Step 1 Step 2
Obtain a copy of the Cisco Unified Mobility Advantage 7.x installation DVD. Copy the cuma_backup_restore.sh backup script located on the DVD to the Cisco Unified Mobility Advantage 3.1.2 server. The backup script is located on the DVD at: ${DVD_MOUNT_POINT}/RedHat/APPRPMS/cuma_backup_restore.sh As root, execute the following script to create a backup tar.gz file of the Cisco Unified Mobility Advantage 3.1.2 server: ./cuma_backup_restore.sh -b /opt/cuma /tmp/mybackup This command creates a backup tar file /tmp/mybackup.tar.gz on the Cisco Unified Mobility Advantage 3.1.2 server. For example: cuma_backup_restore.sh [-b <cuma_dir> {backup_file}] [-r <restore_file>] [-v <restore_file]
Step 3
-b Creates a backup of cuma_dir. If backup_file is not specified, then a unique time stamped backup file will be created in /common. -r Restores a backup, specified by restore_file. -v Displays the server version of the restore_file.
Caution
If you will install Release 7.0(1) on this server, do not leave the .tar file on this server. You will import this data file at the end of the Release 7.0(1) install process.
What To Do Next
Run the installer to perform the upgrade. See Chapter 6, Installing Cisco Unified Mobility Advantage.
How to Configure Release 7.x to Run with Release 3.x Functionality After Upgrade
Because of changes in port configuration and in the way server security, presence, and voicemail integration are provided in Cisco Unified Mobility Advantage Release 7.x, your existing deployment will not work after upgrade until you make configuration changes. We recommend that you make the required configurations to restore your Release 3.x functionality before you configure new features and devices. This approach will simplify troubleshooting should it be necessary.
Configuring Release 7.x to Run With Release 3.x Functionality, page 5-11 Uploading the Proxy Server Certificate to Release 7.x, page 5-13 Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14 Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-10
Chapter 5
Upgrading Cisco Unified Mobility Advantage How to Upgrade Release 3.1.2 to Release 7.0(1)
Your enterprise servers have not changed. The hostname of the Cisco Unified Mobility Advantage server is the same as the Managed Server.
Install the upgrade to Release 7.0(1). See Chapter 6, Installing Cisco Unified Mobility Advantage.
Procedure
Do This
Step 1
For Information, See Logging In to the Admin Portal, page 8-1 Note that in Cisco Unified Mobility Advantage Release 7.x the Admin Portal port is fixed at 7080. You obtained these ports in Opening Firewall Ports, page 1-5.
Sign in to the Admin Portal using your credentials from Release 3.1.2. Select System Management > Network Properties and specify the required port numbers, if they are different from the defaults.
Step 2
Step 3
Prepare the required certificate to be presented to If you will use the existing certificate from the the clients. Proxy Server:
See Uploading the Proxy Server Certificate to Release 7.x, page 5-13 and then Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14
How to Obtain and Install a Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8
Step 4
Determine whether you can re-use a signed certificate from the Managed Server, if you had one in Release 3.1.2. If you can reuse the certificate, you do not need to do anything in order to use it.
See Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15. If the Managed Server did not have a signed certificate that you want to reuse, see Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15 Chapter 2, Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage
Step 5
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-11
Do This
Step 6
(For Cisco Unified Communications Manager Release 7.x only) Update the Cisco Unified Communications Manager adapter: Select cuma for the Security Context. Create the Cisco Unity or Cisco Unity Connection adapter. The voicemail integration has changed for Cisco Unified Mobility Advantage Release 7.x; the voicemail settings used in Cisco Unified Mobility Advantage Release 3.x will not work for Release 7.x.
Viewing and Changing Enterprise Adapter Settings, page 10-4 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6 Adding a New Enterprise Adapter, page 10-3 About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14 Enabling and Configuring Voicemail, page 12-4
Step 7
Step 8
Start Cisco Unified Mobility Advantage using the single control in Server Controls > Cisco > Control Server. Notify existing users of Release 3.x clients that:
Step 9
BlackBerry users should upgrade their client software. Users of Nokia Symbian phones who use the French, German, Spanish, or Italian client do not need to upgrade from Release 3.x. Users of Nokia Symbian phones who use the English version of the client should upgrade to client Release 7.0 in order to use the new features. However, they cannot use the standard upgrade procedure. Instead, they must delete their existing phones from the User Portal, then add their phones again as new phones. When they sign in to the new client, their data will be restored on the new client. For best results, they should connect to the server immediately before they delete their phones in order to ensure that no data that was added to their client since the last connection is lost. If voicemail credentials are not the same as Cisco Unified Mobile Communicator credentials, they must set their voicemail usernames and passwords in the User Portal before they can access voicemail from their mobile devices. They can access their voicemail from other standard methods regardless, such as from their desk phones.
Step 10
Verify that Release 3.x functionality is working properly with existing Release 3.x clients. Note that the availability feature will not work until you add Cisco Unified Presence in a later section.
Add new functionality. Add new users and devices. Have users of client Release 3.x for Nokia Symbian phones upgrade to client Release 7.x.
Adding New Functionality, Client Software, and Users After Upgrade, page 5-16
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-12
Chapter 5
Upgrading Cisco Unified Mobility Advantage How to Upgrade Release 3.1.2 to Release 7.0(1)
In order to convert the Proxy Server certificate for use on the Cisco Adaptive Security Appliance, you must first create a security context to store certificate and then upload it. You do not need to upload the Managed Server certificate; it is uploaded automatically during the upgrade.
Before You Begin
You must have performed the procedure in Saving the SSL Certificate from the Proxy Server, page 5-8.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5
Sign in to the Admin Portal using your password from Release 3.1.2. Select Security Context Management > Security Contexts. Select Add Context. Select Upload for Do you want to create/upload a new certificate? Enter information: Option Context Name Description Certificate Type Trust Policy Client Authentication Policy Certificate Value Enter information that describes the certificate, such as its source and type (signed.) JKS Keep the default. Keep the default. Navigate to and choose the Proxy Server certificate that you saved before performing the upgrade. Enter the password.
Certificate Password
Step 6
Select Submit.
What To Do Next
Perform the procedure in Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14.
Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance
You must download and modify this certificate before you can upload it to the Cisco Adaptive Security Appliance.
Before You Begin
Perform the procedure in Uploading the Proxy Server Certificate to Release 7.x, page 5-13. Obtain OpenSSL software. For information, visit www.openssl.org.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-13
Procedure
Step 1
Download the certificate file that was originally on the Proxy Server from Cisco Unified Mobility Advantage Release 7.0(1) and save it with a .p12 extension:
a. b.
Select Security Context Management > Security Contexts. Select Download in the row of the Security Context that holds the former Proxy Server certificate. The file downloads in PKCS12 format. Save the file. Change the filename extension from .keystore to .p12.
c. d. Step 2
Convert the PKCS12 file to PEM format using OpenSSL: You can run OpenSSL commands through an SSH session on any Linux machine, such as the Cisco Unified Mobility Advantage Release 3.1.2 managed server or Proxy Server. Run the following OpenSSL command: openssl pkcs12 -in your_p12cert.p12 -out your_pemcert.pem Open the PEM file in WordPad. Identify each section of the PEM file: This PEM file generally includes several certificates, each clearly marked with BEGIN CERTIFICATE and END CERTIFICATE labels:
Step 3 Step 4
The server certificate that you must manipulate using the rest of the steps in this procedure, along with its private key information. An intermediate certificate that you will copy and paste into the Cisco Adaptive Security Appliance command-line interface later. If this certificate is not included, you can obtain it later from your Certificate Authority web site. The root certificate that you will copy and paste into the Cisco Adaptive Security Appliance command-line interface later. If this certificate is not included, you can obtain it later from your Certificate Authority web site.
Step 5
Copy and save the private key section, including the following lines, to a new text file (for example, yourserver_key.txt). --BEGIN ENCRYPTED PRIVATE KEY-----END ENCRYPTED PRIVATE KEY---Copy and save the server certificate, including the following lines, to a new text file (for example, yourserver_cert.txt). --BEGIN CERTIFICATE-----END CERTIFICATE---Use OpenSSL to combine the key and certificate text files into a new file in PKCS12 format: openssl pkcs12 -in yourserver_cert.txt -inkey yourserver_key.txt -nodes -passin pass:<cert_password> -passout pass:<cert_password> -export -out sslout.p12
Step 6
Step 7
Step 8
Convert the output file to base64: openssl base64 -in sslout.p12 -out ssl64.p12
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-14
Chapter 5
Upgrading Cisco Unified Mobility Advantage How to Upgrade Release 3.1.2 to Release 7.0(1)
What To Do Next
Obtain any applicable intermediate and root certificates from the web site of your Certificate Authority, if they were not included in the PEM file in this procedure. Upload all required certificates to the Cisco Adaptive Security Appliance using the procedure in (For Upgrades from Release 3.x) Importing the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8.
Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance
If the Managed Server (as distinct from the Proxy Server) had a certificate that was signed by a recognized Certificate Authority (this release supports VeriSign and GeoTrust), this certificate was automatically uploaded into the cuma Security Context in Cisco Unified Mobility Advantage Release 7.0(1) during the upgrade. If the hostname of the Cisco Unified Mobility Advantage server after upgrade is the same as the hostname of the Managed Server in Release 3.1.2 (and on the certificate), you can reuse this signed certificate for Cisco Unified Mobility Advantage Release 7.x without any further action. If the Managed Server did not have a signed certificate, you have several options:
You can generate a self-signed certificate from Cisco Unified Mobility Advantage for import into the Cisco Adaptive Security Appliance. Users will see an untrusted certificate warning when they access the User Portal, but this warning does not prevent access or represent an actual security risk. You can also choose to obtain and deploy a new signed certificate now. You use a self-signed certificate for initial testing and then obtain and deploy a signed certificate later.
Determine whether you need to perform this procedure. See Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5
Select Security Context Management > Security Contexts in the Admin Portal. Select Manage Context beside the cuma security context. Select Download Certificate. Open the certificate in WordPad (not Notepad.) Copy the certificate text.
Related Topics
Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5 How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-12 About Secure Connections and SSL Certificates, page 9-1
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-15
Explanation of Security Contexts, page 9-4 How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-12
What To Do Next
Import this certificate into the Cisco Adaptive Security Appliance. See Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage, page 2-12.
See the Restrictions and Limitations in the Release Notes for this release at http://www.cisco.com/en/US/products/ps7270/prod_release_notes_list.html. Note that there may be separate release notes for the client and for the server. Some features require certain versions of enterprise servers. See the System Requirements in the Compatibility Matrix at http://www.cisco.com/en/US/products/ps7270/products_device_support_tables_list.html. New features are available only for Release 7.x clients.
If you are upgrading to Release 7.0(2), install that upgrade before you complete this section. See Upgrading from Release 7.0(1) to Release 7.0(2), page 5-19.
Procedure
Do This
Step 1
Create additional security contexts, if desired, and Chapter 9, Managing Server Security in manage any additional certificates. Cisco Unified Mobility Advantage. During the upgrade, the certificate that was on the Managed Server in Release 3.1.2 is uploaded and a security context named cuma is created for it. Its Trust Policy defaults to All Certificates, and Client Authentication Policy defaults to None. You can assign this Security Context to any and all enterprise adapters that you create, so that you do not need to import or export certificates. You can change security requirements later to require certificates for added security.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-16
Chapter 5
Upgrading Cisco Unified Mobility Advantage How to Upgrade Release 3.1.2 to Release 7.0(1)
Do This
Step 2
Configure settings for Cisco Unified Chapter 3, Configuring Cisco Unified Communications Manager, including the Dial Via Communications Manager for Use With Office and integrated call logs features. Cisco Unified Mobility Advantage
a. b.
Configure Cisco Unified Communications Manager. Update the adapter in the Enterprise Configuration > Enterprise Adapter pages in the Admin portal. See information about the fields in the appendix. Be sure to specify a Security Context. For Release 7.0(2), enter the Web Services information. For Release 7.0(1), enter the SOAP information.
Be sure to complete the following for each feature you want to enable:
c. d.
Enable the call log monitoring and Dial via Office features and choose options. Configure users in Cisco Unified Communications Manager and in Cisco Unified Mobility Advantage. You are using Cisco Unified Communications Manager Release 7.x. There are existing users of the Release 3.x client on Nokia Symbian phones who will migrate to Release 7.x of the client. These users will use the same mobile phone number with client Release 7.x. How to Configure Cisco Unified Communications Manager for Each User and Device, page 3-19
Step 3
Then you must delete the existing Remote Destination profile in Cisco Unified Communications Manager, then configure the user and device following the instructions for Release 7.x.
Step 4
If you will integrate with Cisco Unified Presence: Chapter 4, Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage a. Configure the Cisco Unified Presence server.
b.
Create the enterprise adapter. Be sure to specify a Security Context. Enable the availability feature. Configure each user.
Operations in any Before You Begin sections. Operations in any What To Do Next sections. Procedures in Additional Required Configurations sections.
c. d.
Step 5
If you will integrate with Cisco Unified Enabling Conference Notifications, page 12-5 MeetingPlace or Cisco Unified MeetingPlace Express so that users receive alerts when meetings are about to begin, enable notifications.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-17
Do This
Step 6
For Information, See Uploading a Cisco Unified Mobile Communicator Release, page 13-2
Specify the service providers and phones that you Determining Supported Devices and Service will support. Providers, page 13-2 Activate new users.
Ensure that user access will not be blocked when For the system: Cisco Unified Mobility Advantage checks for Enabling Device ID Checking, page 12-1 Device IDs. For each user: By default, Release 3.x clients cannot connect. You must disable either the system-level checking Restricting Access By Device, page 14-2 or the setting for each user. Restart Cisco Unified Mobility Advantage.
Step 10
Stopping Cisco Unified Mobility Advantage, page 11-1 Starting Cisco Unified Mobility Advantage, page 11-1 User documentation for Cisco Unified Mobile Communicator for Nokia Symbian at http://cisco.com/en/US/products/ps7271/prod ucts_user_guide_list.html Chapter 17, Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones Chapter 15, Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Chapter 16, Deploying Cisco Unified Mobile Communicator on BlackBerry Devices Chapter 17, Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones
Step 11
Have users of client Release 3.x for Nokia Symbian phones upgrade to client Release 7.x.
Step 12
Step 13
Give users the information they need to use Cisco Unified Mobile Communicator.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-18
Chapter 5
Upgrading Cisco Unified Mobility Advantage Upgrading from Release 7.0(1) to Release 7.0(2)
If for any reason you decide to back out of the upgrade, you can restart the system to the inactive partition that contains the older version of the software. However, you will lose any configuration changes that you made since upgrading the software.
Before You Begin
If this is a new installation of Cisco Unified Mobility Advantage and you have just installed Release 7.0(1), do both of the following before you upgrade to Release 7.0(2):
Complete the Configuration Wizard in Release 7.0(1) See Using the Configuration Wizard in
page 5-7.
Upgrade to Release 7.0(1). See Chapter 6, Installing Cisco Unified Mobility Advantage. Perform essential operations after upgrading to Release 7.0(1): See How to Configure Release
7.x to Run with Release 3.x Functionality After Upgrade, page 5-10.
Stop the server and verify that the server is not running before you continue. See Stopping
If you will upgrade from an image of the installer that is on a remote filesystem, make sure that you have SFTP access to the image. Back up your data. See Backing Up Your Cisco Unified Mobility Advantage Server, page 11-3. If you download the Cisco Unified Mobility Advantage software from Cisco.com, copy or note the MD5 value in the table on the page from which you download the image.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8
If you will upgrade using a DVD, insert the DVD into the disc drive of the Cisco Unified Mobility Advantage server. Go to the sign-in page of the Admin Portal. Select Cisco Unified OS Administration from the list box in the top right corner of the window. Select Go. Sign in using your platform administrator credentials. Select Software Upgrades > Install/Upgrade. Choose the location of the installer image from the Source list box. Enter required information:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-19
Field Directory
Installations From DVD Directory on the DVD that holds the installer.
Installations From Remote Filesystem Directory on the SFTP server that holds the installer.
If the file is in the root directory, enter a If the file is in the root directory, enter a slash (/). slash (/). Server User Name User Password Transfer Protocol
Step 9 Step 10 Step 11
Hostname or IP address of the SFTP server Credentials for an account that has access to the SFTP server. Choose SFTP.
Select Next. Choose the software image to install, if prompted, then select Next. Wait for the software to download, if you are installing from a remote volume. This may take some time. If you are installing from a remote volume, verify that the MD5 Hash Value that you see in the window matches the MD5 value on the page from which you downloaded the software image. Choose one of the following:
Step 12 Step 13
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-20
Chapter 5
Upgrading Cisco Unified Mobility Advantage Upgrading from Release 7.0(1) to Release 7.0(2)
To Reboot immediately after upgrade and make the new software active.
Do This
1. 2. 3.
Choose Reboot to upgraded partition. Select Next. Wait for the system to reboot. This may take some time. The system does not notify you when the process is complete.
4.
Sign in to the Admin Portal when it is available. Choose Do not reboot after upgrade. Select Next. Scroll down periodically in the Installation Log and look for a message that the process is complete. This process may take some time. Select Finish.
a. Sign into the Cisco Unified OS Administration page with your
Install the upgrade and then manually reboot later to the upgraded partition.
1. 2. 3.
4.
This may take some time. The system does not notify you when the process is complete.
e. Try periodically to access the Admin Portal.
Related Topics
For Upgrades from Release 7.0(1): Reverting to a Previous Version of Cisco Unified Mobility Advantage, page 19-22
What To Do Next
If this is an upgrade from Release 3.1.2: Follow the procedures in Adding New Functionality, Client Software, and Users After Upgrade, page 5-16. If you are upgrading from Release 7.0(1):
You do not need to change existing Release 7.0(1) configurations unless you are adding or
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
5-21
CH A P T E R
Use the following procedure to install the operating system and Cisco Unified Mobility Advantage Release 7.0(1) on the Cisco MCS server.
Note
If you are installing Release 7.0(2), you must first install, configure, and successfully start Release 7.0(1), then upgrade to Release 7.0(2). This is true even if you install on a Cisco MCS server that was not supported under Release 7.0(1).
Before You Begin
Caution
The server on which you install Cisco Unified Mobility Advantage will be reformatted during the installation.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
6-1
Chapter 6
Do These Things
Advantage.
Chapter 2, Configuring the Cisco Adaptive Security Appliance (ASA)
for Use With Cisco Unified Mobility Advantage (Except certificate operations that cannot be performed before installing Cisco Unified Mobility Advantage and the sections on TLS and MMP.)
Chapter 3, Configuring Cisco Unified Communications Manager for
Use With Cisco Unified Mobility Advantage (Except certificate operations that cannot be performed before installing Cisco Unified Mobility Advantage.)
(If applicable) Chapter 16, Deploying Cisco Unified Mobile
procedure.
Procedure
Step 1 Step 2 Step 3
Insert the Cisco Unified Mobility Advantage DVD into the DVD-ROM drive of the server on which you are going to install Cisco Unified Mobility Advantage. Boot the computer from the DVD. Select Yes to perform a media check on the DVD. The media check can take up to 10 minutes. If the media check fails, contact Support. Select OK on the Product Deployment panel. Verify the Cisco Unified Mobility Advantage version to be installed and note that the hard disk will be overwritten. Select Yes to continue. Select Proceed on the Platform Installation Wizard panel to begin the installation. Select whether to import data from a 3.x Cisco Unified Mobility Advantage version:
Select No if this is a new installation, then Continue. Select Yes if you want to perform an upgrade and you have created a 3.1.2 backup file. You will import the backup file later in this procedure. Select Back, then Cancel if you are upgrading and you have not yet made a backup data file. Make the backup file, then start the installer again.
Step 9
Scroll through the list of time zones. Select the time zone that best represents the location of this server. Select OK.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
6-2
Chapter 6
Step 10 Step 11
Select Yes on the Auto Negotiation Configuration screen to enable automatic negotiation of ethernet NIC speed and duplex. Select No for Dynamic Host Configuration Protocol (DHCP) Configuration. You will enter a static address in the next screen. Enter Static Network Configuration values for this server. All fields are required. Field Host Name IP Address IP Mask GW Address Description Host name of this machine (do not include the domain) IP address assigned to the host Subnet mask for the host IP address of the default gateway Your Value
Step 12
Select OK. Select Yes to enable Domain Name System (DNS) Client. Enter values: Field Primary DNS Secondary DNS Domain Description IP address of the primary DNS server (Optional) IP address of the secondary DNS server Domain component of the FQDN Your Value
Step 16 Step 17
Select OK. Enter values for the platform Administrator Login: Field Administrator ID Description Administrator ID to sign in to the computer. (This is distinct from the Cisco Unified Mobility Advantage Admin Portal sign-in information.) This does not need to match any existing value. Password Confirm Password The password for the Administrator ID. Confirm the password for the Administrator ID. Your Value
Step 18
Enter your company information for the certificate information. This information is used internally by the platform and is not relevant to any other certificate procedure in this guide. There are no restrictions on these values. Select OK. Select Yes to set up external Network Time Protocol servers.
Step 19 Step 20
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
6-3
Chapter 6
Note
We recommend synchronizing the date and time of the server automatically using Network Time Protocol (NTP). A time server (computer that sends accurate date and time settings to other servers through the network) must be available to use NTP.
a.
Enter the NTP server host name or IP address in the NTP Server field. Description Host name or IP address of the NTP server with which to synchronize the Cisco Unified Mobility Advantage server. Your Value
b. Step 21
Select OK,
Enter the correct date and time to set the hardware clock. You must do this even if you synchronize the clock using an NTP server. Enter a security password for the internal database.
Step 22
Your Value
Select OK. Select No for the SMTP Host Configuration. (For upgrades only) Retrieve your backup data:
a. b.
Select the Data Migration Retrieval Mechanism that matches your backup. Enter the backup file location and information. The table below assumes you used the recommended SFTP for your backup. Values are case-sensitive:
Setting Remote Server Name or IP Remote File Path Remote File Name Remote Login ID Remote Password Confirm Password
c. Step 26
Description Host name or IP address of the SFTP server that has the Release 3.1.2 backup file Directory on the server that contains the Release 3.1.2 backup file Release 3.1.2 backup filename User sign-in ID used for SFTP file transfer User password used for SFTP file transfer Confirm user password
Your Value
Select OK.
Enter a password for accessing the Cisco Unified Mobility Advantage Admin Portal.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
6-4
Chapter 6
Setting
Description
Cisco Unified Mobility Password required to sign in to the Cisco Unified Mobility Advantage Admin Portal. Advantage Administrator password This does not need to match any existing value. For upgrades, this information will be ignored. Use your password from the previous release.
Step 27 Step 28
Select OK. Select OK to complete the installation. This is your last opportunity to cancel the installation. Formatting begins, and then the installation starts. The installation can take from 45 minutes to one hour to complete. The server will reboot at least once. You will see a message when installation is complete. Wait a few minutes for the system to be ready for you to sign in to the Admin Portal.
Step 29
What To Do Next
If this is a new installation, whether or not you plan to upgrade to Release 7.0(2): Follow the instructions in Using the Configuration Wizard in Cisco Unified Mobility Advantage, page 7-1. If this is an upgrade from Release 3.x to Release 7.0(1): Follow the instructions in How to Configure Release 7.x to Run with Release 3.x Functionality After Upgrade, page 5-10.
Do not run the configuration wizard if you are performing an upgrade.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
6-5
Chapter 6
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
6-6
CH A P T E R
After you install, configure Cisco Unified Mobility Advantage using the configuration wizard.
Logging in to the Admin Portal for the First Time, page 7-1 How to Use the Configuration Wizard, page 7-2 Downloading the Self-Signed Certificate (After Running the Configuration Wizard), page 7-25 Performing Additional Required Procedures, page 7-25
Make sure that you have the Cisco Unified Mobility Advantage Administrator password you specified during installation.
Procedure
Step 1
Enter the following URL into a supported web browser: http://hostname or IP Address of the Cisco Unified Mobility Advantage server:7080/adminportal For example: http://mycompany.com:7080/adminportal
Step 2
Enter the password The username is admin; you cannot change it. Select Login. Select Next to start the configuration wizard.
Step 3 Step 4
Troubleshooting Tip
If you see a Page Not Found error, the system may not yet be ready. Try waiting a few more minutes.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-1
Configuring Security Context Management, page 7-2 Configuring the Connection to Active Directory, page 7-5 Configuring the Connection to Microsoft Exchange, page 7-11 Configuring the Connection to the Voicemail Server, page 7-12 Configuring the Connection to Cisco Unified Communications Manager, page 7-16 Configuring the Connection to Cisco Unified Presence, page 7-19 Viewing Configuration Summaries for Connections to Enterprise Servers, page 7-20 Completing the System Configuration Screen, page 7-20 Configuring Server Setup Network Configuration, page 7-21 Uploading the Client Software to the Server, page 7-23 Managing Provisioning Options, page 7-24 Finishing the Configuration Wizard, page 7-24
Caution
Gather, note, and print the information you will need to complete this Configuration Wizard. See Preparing Information Required for Installation and Configuration, page 1-6.
Note
Do not select the Back button in your browser window or you will lose any unsaved information you have entered.
Tip
You can stop running the wizard at any time and your changes will be saved. When you next sign in, the wizard will resume where you stopped.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-2
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage How to Use the Configuration Wizard
Obtain the ISO country code for the country where your company is located. Visit http://www.iso.org/iso/country_codes/iso_3166_code_lists/english_country_names_and_code_ele ments.htm.
Procedure
Step 1 Step 2
Select Create for Do you want to create/upload a new certificate? Enter information. All information is required. Field Context Name Description Trust Policy Client Authentication Policy Certificate Password Server Name Values For The First Security Context Enter cuma Enter trusted_certificates Select Trusted Certificates Select None. Your Value cuma trusted_certificates Trusted Certificates None
Enter the password you want to assign to this certificate. The password must be at least six characters in length. Note this password in a safe place. You may need it later. Enter the fully qualified hostname of this server.
Department Name Enter the name of the department that will be using Cisco Unified Mobility Advantage, if restricted to one department. This value must match the OU value you entered when you generated the Certificate Signing Request for the signed certificate from the Cisco Adaptive Security Appliance. Company Name City State Enter your company name. Enter the city where the department or company is located. Enter the state or province where the city is located. For locations in the United States and Canada, the Certificate Authorities require that you spell out the full name. For example: California (not CA). For other locations, there are no restrictions on this value. Country Code Enter the two-letter ISO country code for the country where the company is located.
Step 3 Step 4
Select Next. Ignore this instruction: Please submit a request to the certificate signing authority (CSA) with the following CSR and select Next. You see this question: Is there any certificate that needs to be imported? Select No. Select Next.
Step 5 Step 6
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-3
Step 7 Step 8
Select Yes to the question Do you want to create one more context? Select Next. The Security Context is created with a self-signed certificate. You will return to this later. Select Next. Select Create for Do you want to create/upload a new certificate? Enter information: Field Context Name Description Trust Policy Client Authentication Policy Certificate Password Server Name Values for The Second Security Context Enter cuma_trust_all Enter trust_all_certificates. Select All Certificates Select None
Enter the password you want to assign to this certificate. The password must be at least six characters in length.
This information should be the same as for the Security Context you just Department Name configured. Company Name City State Country Code
Select Next. Skip this instruction: Please submit a request to the certificate signing authority (CSA) with the following CSR. Select Next. Select No to the question: Is there any certificate that needs to be imported? Select Next. Select No to the question Do you want to create one more context? Select Next. The Security Context is created with a self-signed certificate. You will return to this later. Select Next.
Step 19
Related Topics
Downloading the Self-Signed Certificate (After Running the Configuration Wizard), page 7-25
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-4
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage How to Use the Configuration Wizard
Note
Accept the default values where they appear unless you have specific reasons to change them.
Procedure
Step 1
Select and enter your corporate directory server information: Field Corporate Directory Type Adapter Name Description Description Select Active Directory. Other directory types are not supported in this release. Enter a name you want to assign to the corporate directory adapter. Enter a description for the corporate directory adapter.
Step 2 Step 3
Select Next. Enter the host name or IP address of the corporate directory server: Field Active Directory Hostname or IP Address Active Directory Port LDAP port of the corporate directory server. Cisco Unified Mobility Advantage uses this port to connect to the corporate directory for user directory listing and searches. Default is 389. The wizard attempts to detect this port; if successful, do not change it. Description Hostname or IP address of the Active Directory server. Your Value
Step 4 Step 5
Select Next. Select a Base DN from the list or select Edit if to add or modify the Base DN:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-5
Field Base DN
Description Distinguished name of the root node in your corporate directory server. This is the level in the corporate directory hierarchy at which Cisco Unified Mobility Advantage starts searches. If you are deploying Cisco Unified Mobility Advantage for the entire company, set this value to the base level for the company. For example: DC=example,DC=com If you are deploying Cisco Unified Mobility Advantage for a single organizational unit, you may choose the base level for this organizational unit. For example: OU=Sales,DC=example,DC=com Microsoft recommends that Organizational Units be limited to fewer than 1000 entries.
Your Value
Step 6 Step 7
Select Next. Change the additional information that appears, if necessary. Field Filter Criteria Description Criteria that distinguish employees from other resources in Active Directory, such as conference rooms that can be invited to meetings. Do not change the default value unless you have a specific reason to do so. Follow Referral Determines if Cisco Unified Mobility Advantage follows referrals from the authoritative Active Directory server to cascaded Active Directory servers, for example for subdomains, when searching. The default value is True. Polling Period (days) Frequency (in days) with which Cisco Unified Mobility Advantage checks the corporate directory server for updates. The default is 1 day. Your Value
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-6
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage How to Use the Configuration Wizard
Description The format you enter here must match the format of the following phone numbers:
Your Value
For releases of Cisco Unified Communications Manager later than 4.x: The primary directory number for each person in Cisco Unified Communications Manager. For Cisco Unified Communications Manager Release 4.x: Phone numbers in Active Directory in the attribute you specify for the Work Phone field in the Advanced Settings described in the table below.
Be careful not to include any extra spaces, especially at the beginning or end of your number format. The correct phone number format enables the system to identify callers by name if the phone numbers in your Active Directory do not use the North American Numbering Plan. By default, Cisco Unified Mobility Advantage formats numbers using the North American Numbering Plan, (###) ###-####, where each # represents a digit. Up to ten digits will be formatted according to this pattern, starting from the right. Therefore:
If a number has five digits (for example, 12345), Cisco Unified Mobility Advantage searches Active Directory for the number in the format 1-2345. If a number has six digits (for example, 123456), Cisco Unified Mobility Advantage searches Active Directory for the number in the format 12-3456.
If you do not use any punctuation at all, the number format for the same number of digits as the default would be ##########. If you need to change this value after Cisco Unified Mobility Advantage is running, restart Cisco Unified Mobility Advantage after you make this change. Connection Type Type of connection to use between Cisco Unified Mobility Advantage and the Active Directory server. Select SSL for secure connections. Select Plain for nonsecure connections. This should match the connection type that Active Directory requires. Security Context This field appears if you selected SSL for Connection Type. Select the cuma_trust_all Security Context that you created at the beginning of the wizard.
Step 8 Step 9
Select Next. Enter information for the account that Cisco Unified Mobility Advantage Server uses to read data from your corporate directory server:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-7
Field Admin DN
Description Enter the distinguished name of the account that Cisco Unified Mobility Advantage uses to read data from your corporate directory server. For example: CN=CUMA Read Only User,CN=Users,DC=department,DC=example, DC=com This account must have at least read-only permissions in your corporate directory server. It must also have a valid Exchange mailbox.
Your Value
The password for the Admin DN account. If you entered the short form of the Admin DN (Domain name/User ID) instead of the long form including the container name, check the box to append the Base DN to the Admin DN.
Step 10
Select Next. You see the fields in Active Directory that hold directory information for each user. Field Distinguished Name Description Attribute name in Active Directory that represents the distinguished name of a user. For example: distinguishedName First Name Attribute name in Active Directory that represents the first name of a user. For example: givenName Last Name Attribute name in Active Directory that represents the last name of a user. For example: sn User ID Attribute name in Active Directory that represents the corporate name of a user. For example: sAMAccountName Email Attribute name in Active Directory that represents the email address of a user. For example: mail Your Value
Step 11 Step 12
Select Edit only if you have a specific reason to change the default values. Select Next.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-8
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage How to Use the Configuration Wizard
You see information that Cisco Unified Mobility Advantage uses to determine which Microsoft Exchange server at your company holds the information for each user: Field Contact Adapter Description Enter the name of the attribute within the corporate directory that identifies the logical Exchange server resource name for a user. For example: msExchHomeServerName DNS Host Name Enter the name of the attribute within the corporate directory that identifies the DNS host name of a server machine. For example: dNSHostName Your Value
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-9
Description Enter a mask for the Contact Adapter DN value. The format of the DN Mask is: ??,CN=Computer,DC=department,DC=example,DC=com Cisco Unified Mobility Advantage will use the value of the Contact Adapter field (entered above) in combination with this DN Mask to search for the DNS hostname of a user's Exchange Server. ?? is substituted with the CN=<hostname of the Exchange server>. The following part is used to complete the DN. This complete string is then used to retrieve details about the user's Exchange host. The hostname is retrieved from Active Directory using the Contact Adapter attribute of the user entry. Contact Adapter (msExchHomeServerName). For example, if in Active Directory for user test1, the msExchHomeServerName is "myExchange" and the DN Mask is configured as ??, CN=Computer, DC=myDivision, DC=somecompany, DC=com, then the Cisco Unified Mobility Advantage Enterprise server will lookup the following entry in Active Directory to get details about the Exchange server and use it to store personal contacts of the test1 user: CN=myExchange, CN=Computer, DC=myDivision, DC=somecompany, DC=com
Your Value
Enter the Distinguished Name of the root node that contains your Exchange Server's information in your corporate directory. For example: CN=Computers,DC=department,DC=example,DC=com Cisco Unified Mobility Advantage searches the Exchange Server from this root node. Use the lowest node that includes the necessary names. Using a higher node will create a larger search base and thus reduce performance if the directory is very large. Microsoft retrieves up to 1000 results per search.
Select Edit only if you have a specific reason to change the default values. Select Next. Review the information on the Corporate Directory Configuration Summary screen. To change any setting, select Reset. Otherwise, select Next.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-10
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage How to Use the Configuration Wizard
Directory Lookup for personal contacts of users Caller identification of people who are in the personal contact list of users Triggering meeting notifications
Configure Cisco Unified Mobility Advantage to communicate with the Exchange server.
Procedure
Step 1
Select or enter personal contact server information. Field Personal Contact Server Type Adapter Name Description Description Select MS Exchange 2000/2003. Other personal contact servers are not supported in this release. Enter a name that you want to assign to this adapter. Enter a description for this adapter.
Step 2 Step 3
Select Next Enter information: Field Description If Microsoft Exchange is clustered, use the hostname associated with the Outlook Web Access (OWA) bridgehead. Transport Type TLS is the secure transport type. Select TLS if Exchange is running SSL. TCP is the nonsecure transport type. Select TCP if Exchange is not running SSL. Your Value
Step 4 Step 5
Select Next. Enter information: Field Port Description The port used to connect the Cisco Unified Mobility Advantage Server to the Exchange server. This is the Outlook Web Access (OWA) port of the Exchange server. The default port for SSL connections is 443. The default port for non-SSL connections is 80. Your Value
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-11
Description The domain for this instance of the Exchange server. For example, CORP. This is the domain that users use when logging into their Windows desktops.
Your Value
The suffix that is appended to usernames to complete corporate email addresses. Leave this field blank unless you have a specific reason to change it, for example if you have email addresses with subdomains such as sales.yourcompany.com that resolve to a single domain such as yourcompany.com. If email addresses cannot be determined from Active Directory, obtain this value from your Exchange administrator. This suffix must be a fully qualified DNS domain name. It is often, but not always, yourcompany.com. Do not include the @ character.
Step 6 Step 7
Select Next. Specify whether Cisco Unified Mobility Advantage will integrate with your conferencing application (Cisco Unified MeetingPlace or Cisco Unified MeetingPlace Express): Field Enable Conference Integration Description Specify whether or not to provide conference notifications to Cisco Unified Mobile Communicator users. Your Value
Polling Period (sec) These values apply when you integrate Cisco Unified Mobility Advantage with your conferencing system. Max Threads Polling Offset (min)
Step 8 Step 9 Step 10
Select Next. Review the information on the summary screen. To change any setting, select Reset. Select Next.
Select Yes to configure a voicemail adapter if Cisco Unified Mobility Advantage will connect to Cisco Unity or Cisco Unity Connection. Select Next.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-12
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage How to Use the Configuration Wizard
Step 3
If you selected Yes, continue with this procedure. If you selected No, skip the rest of this procedure.
Voicemail Adapter Select the type of voicemail server that your company uses. For example, Cisco Unity. Type Adapter Name Description
Step 4 Step 5
Enter a name that you want to assign to the voicemail adapter. Enter a description for the voicemail adapter.
Select Next. Enter information: Field IMAP Information Unity Exchange Hostname/IP Address For Cisco Unity: Hostname of the Exchange server. If you have users on more than one Exchange server, create a separate Cisco Unity adapter for each Exchange server. For Cisco Unity Connection: IP address of the Cisco Unity Connection server. If you have users on more than one Cisco Unity Connection server, create a separate adapter for each Cisco Unity Connection server. Transport Type Choose the connection type for connections to the Exchange server (for Cisco Unity) or to the Cisco Unity Connection server. This setting must match the setting on the Exchange or Cisco Unity Connection server. Select TLS for secure connections (SSL on Exchange or TLS on Cisco Unity Connection). Select TCP for nonsecure connections. Security Context You see this option only if you chose TLS as the Transport Type and you are connecting to Cisco Unity Connection. Choose cuma_trust_all. Description Your Value
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-13
Field Port
Your Value
For Cisco Unity: Default is 143. For Cisco Unity Connection: Default is 7993 For Cisco Unity: Default is 993 For Cisco Unity Connection: Default is 7993
Enter the frequency with which Cisco Unified Mobility Advantage checks for new voice messages. The default is every 600 seconds. Very frequent polling may impact performance.
Are the Voicemail Select Yes if the user ID and password for the user account on the voicemail system are the same as in Active Directory. credentials for the user the same as the Select No otherwise. corporate credentials? Unity Version This field applies only if you are connecting to Cisco Unity. Select the Unity server version. If your version is Cisco Unity 7.x, enter the following SOAP information. SOAP Information Information in this section applies only if you are connecting to Cisco Unity Version is Release 7.x. Unity Host Name/ IP Address Enter the host name or IP address of the Cisco Unity server. This may or may not be the same as the Unity Exchange Host Name/IP Address which hosts the voice messages that are retrieved by IMAP, which you entered above. Select TLS for SSL connections. Select TCP for nonsecure connections. This must match the connection type you specify in Cisco Unity. Port Unity Backup Host Name/ IP Address Application User Name Enter the SOAP port. The default port for TLS is 443, and the default for TCP is 80. Enter the host name or IP address of a back up Cisco Unity server if you have one. Enter the Unity Application User ID. This is the same user ID that you use to sign in to the Cisco Unity Administration page.
Transport Type
Application Password Enter the Password for the Unity Application User.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-14
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage How to Use the Configuration Wizard
Field Domain
Description Enter the Microsoft Exchange or NT domain of the Cisco Unity inbox.
Note
Your Value
Step 6 Step 7
Select Next. Accept the default values for the following fields unless you have specific reason to change them. Field Phone number search field name Phone number search pattern Description Field to search the phone number of a caller. Default is Subject. We recommend that you do not change the default value. Regular expression for the search pattern that should be used in the Phone Number Search Field Name field. This information is used to identify callers by matching information from Cisco Unity and Cisco Unified Communications Manager with existing contact information in Exchange and Active Directory. Default is the regular expression [0-9]{4,} We recommend that you do not change the default value. Your Value
Step 8 Step 9
Select Next. Select options for voicemail integration. Field Enable Corporate Voicemail Integration Maximum Expiry of Voicemails (days) Description Determine whether or not the Cisco Unified Mobility Advantage Server integrates with your corporate voicemail system and provides voice message viewing and listening capabilities on Cisco Unified Mobile Communicator. The maximum number of days that voice messages will be listed in the client. Default is 30. Your Value
Step 10 Step 11
Select Next. Review the information on the summary screen. To change any setting, select Reset.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-15
Step 12
Select Next.
The usernames and passwords for the CTI-enabled super user accounts you created in Creating CTI-Enabled Super User Accounts, page 3-3. (For Cisco Unified Communications Manager Release 5.x through 7.x) The AXL User ID and password in Configuring Standard AXL API Access to Retrieve User Information, page 3-5. (For Cisco Unified Communications Manager Release 4.x) The Directory Lookup rules you will need. You determined these in Preparing Information Required for Installation and Configuration, page 1-6.
Procedure
Step 1 Step 2 Step 3
Select Yes at the prompt to configure a call control adapter. Select Next. Enter information: Field Call Control Server Type Adapter Name Description Description Select Cisco Unified Communications Manager. Enter a name of your choice. Enter a description.
Step 4 Step 5
Select Next. Enter information for Cisco Unified Communications Manager. The exact fields you see depend on the Cisco Unified Communications Manager version. Be sure to scroll down in the wizard to see all fields. Field Address Information Primary Host Name Enter the hostname or IP address of the primary Cisco Unified Communications Manager server on which you configured the CTI-enabled super user account or accounts. Primary Server Port Enter the port used to communicate with the primary Cisco Unified Communications Manager server. The default is 5060. Description Your Value
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-16
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage How to Use the Configuration Wizard
Field
Description
Your Value
Backup Host Name (Optional) Enter the backup server host name or IP address. Backup Server Port Enter the port used to communicate with the backup Cisco Unified Communications Manager server. CTI User Credentials User Name Enter the CTI-enabled super user you created in Cisco Unified Communications Manager. If you created more than one super user, select Add More to add each. Password SIP Information Transport Type Select TLS for secure connections. Select TCP for normal connections. Select UDP for connections without error correction. The default transport type is TCP. This must match the setting in the CUMA Server Security Profile on the Cisco Unified Communications Manager server. Communications Manager Version Select the version of Cisco Unified Communications Manager. Enter the password or passwords associated with the user ID or names above.
For Release 7.0(1): SOAP Information (In the Admin Portal in Release 7.0(2), this label is Web Services Information) The following fields appear only if you choose Cisco Unified Communications Manager Release 7.x. Https Port Enter the SIP port number of the Cisco Unified Communications Manager server. This is often the same secure port that runs the Cisco Unified Communications Manager Administration page. Cisco Unified Communications Manager runs the AXL interface on this port. The default is 8443. User Name Enter the Cisco Unified Communications Manager Application User ID to which you assigned standard AXL API access. Enter the Password for the user in the row above. This field appears only if you selected TLS for Transport Type. Select cuma_trust_all.
Step 6
Additional Information
Select Next.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-17
Select Next on the Dial Rule Instructions page if you are using any version of Cisco Unified Communications Manager other than Release 4.x. (For Cisco Unified Communications Manager Release 4.x only) Enter the directory lookup rules you planned earlier. Select Next. Select options for Cisco Unified Communications Manager integration. Field Enable Corporate PBX Integration Description Select Yes:
To allow users to view in Cisco Unified Mobile Communicator lists of calls they make and receive on all of their office phones To enable the Dial via Office feature.
Select No to allow users to view in Cisco Unified Mobile Communicator only the calls they make and receive on Cisco Unified Mobile Communicator, and to disable the Dial via Office feature. Enable Dial Via Office This option is available only for Cisco Unified Communications Manager Release 7.x and only if you enable corporate PBX integration. Select Yes to enable the Dial via Office feature on Cisco Unified Mobile Communicator. To enable Dial Via office, both "Enable Corporate PBX Integration" and "Enable Dial Via Office" must be set to Yes. Dial Via Office Policy This option is available only for Cisco Unified Communications Manager Release 7.x, and only if you enable Dial Via Office. Select User Option to allow users to choose whether to use the Dial via Office feature for dialing calls. Select Force Dial Via Office to require all users to dial all calls as if they were coming from the office. Dial Via Office Emergency Numbers This option is available only for Cisco Unified Communications Manager Release 7.x, and only if you enable Dial Via Office. Enter phone numbers that will always be dialed directly from the mobile phone and never be dialed via the office. These can be emergency numbers or other numbers such as directory information numbers. For example, in the United States these might include 911 and 411. Maximum Expiry of Call Logs (days) Indicates the maximum value that a user can select for the number of days within which call logs will be sent to the client. Default is 30.
Step 11 Step 12
Select Next. Review the information on the summary screen. To change any setting, select Reset. The Dial Rule Configuration section is referring to the Directory Lookup configuration.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-18
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage How to Use the Configuration Wizard
Step 13
Select Next.
Choose Yes if you want to integrate Cisco Unified Mobility Advantage with a Cisco Unified Presence server. Select Next.
If you selected Yes, continue with this procedure. If you selected No, skip the rest of this procedure.
Step 3
Enter the Cisco Unified Presence Server adapter information: Field CUP Server Type Adapter Name Description Description Select Cisco Unified Presence. Enter a name that you want to assign to the Cisco Unified Presence Server adapter. Enter a description for the Cisco Unified Presence Server adapter.
Step 4 Step 5
Host Name/IP Address Hostname or IP address of the Cisco Unified Presence server to which all Cisco Unified Mobility Advantage users are assigned. Port Port on which Cisco Unified Mobility Advantage will communicate with Cisco Unified Presence. (The port of the SOAP Web Service interface that Cisco Unified Presence listens on to accept user sign-in requests.) The default is 8443. Backup Host Name/ IP Address (Optional) Hostname or IP address of the backup Cisco Unified Presence Server, if you have one.
Application User Name The user ID of the Application User you created in Cisco Unified Presence for Cisco Unified Mobility Advantage.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-19
Your Value
Select Next. Accept the default SIP settings for the Cisco Unified Presence Server, unless you have specific reasons to change them. Field Default Subscription Interval Transport Type Description Default is 3600. Default is TCP. If you configured Cisco Unified Presence to require a TLS connection, you must select TLS here. Listen Port Min Connections Max Connections Max Load Per Connection Default is 5060. Default is 5. Default is 20. Default is 200. Your Value
Select Yes to enable users to share availability status information. Select Next. Review the information on the summary screen. To change any setting, select Reset. Select Next.
Select the Host Name/IP Address of any server for which you want to view a configuration summary. Select Next when you are satisfied with your configurations. You see the System Configuration screen
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-20
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage How to Use the Configuration Wizard
The SMTP Server must allow relaying from Cisco Unified Mobility Advantage. For information, contact your SMTP server administrator or see the documentation for your SMTP server.
Procedure
Step 1
Description Enter a domain name for this instance of the Cisco Unified Mobility Advantage Server. This forms the address of the Cisco Unified Mobile Communicator user. For example: cisco.com This should match the Proxy domain of the Cisco Unified Presence server.
Your Value
Domain
Session Timeout Enter the number of days after which users must sign in again to Cisco Unified Mobile Communicator. (days)
SMTP Server Configuration
Host Name
Enter the hostname of your SMTP gateway. This must be the same as your Exchange hostname if you use the Exchange server as your SMTP gateway. Enter the port number for the SMTP gateway. Usually, this is 25. Specify whether or not your organization requires authentication for access to the SMTP server. Enter the email address of the Cisco Unified Mobility Advantage administrator. Cisco Unified Mobility Advantage uses this email address to send provisioning messages and alerts to users.
If you selected True for Authentication Required, enter the password associated with the account you entered for the Admin Email address in the previous row of this table.
Select Next.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-21
You will need the Proxy Host Name that you obtained in Obtaining IP Addresses and DNS Names from IT, page 1-3. You will need the port numbers you obtained in Opening Firewall Ports, page 1-5.
Procedure
Step 1
Enter information: Field Proxy Host Name Description Host name that clients will use to connect through the Cisco Adaptive Security Appliance to Cisco Unified Mobility Advantage. You obtained this value when you completed preinstallation steps. The hostname must be routable from the Internet. The Proxy Host Name should resolve to the external IP address that you received from your IT administrator. Proxy Client Connection Port Enter the port that is used for secure communication between the Cisco Unified Mobile Communicator client and the Cisco Adaptive Security Appliance. Enter the port through which clients connect to the Cisco Adaptive Security Appliance for wireless downloads of Cisco Unified Mobile Communicator. For BlackBerry-only deployments: This field is not used for BlackBerry clients if you will distribute the client software only through the BlackBerry Enterprise Server. However, you must enter a value. Enter any number within the allowed range. Managed Server Information Client Connection Port Enter the port that Cisco Adaptive Security Appliance uses to connect to Cisco Unified Mobility Advantage. The Cisco Adaptive Security Appliance translates this port to the Proxy Client Connection Port for Cisco Unified Mobile Communicator client connections to the Cisco Adaptive Security Appliance. User Portal Port Enter the port users will use to access the Cisco Unified Mobile Communicator User Portal. The range is 9400-9500. The default value is 9443. For security, this port should be available only behind your corporate firewall. Your Value
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-22
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage How to Use the Configuration Wizard
Description The port on which users will download the client software. This port is translated to the Proxy Client Download Port for client connections to the Cisco Adaptive Security Appliance. For BlackBerry-only deployments: This field is not used for BlackBerry clients if you will distribute the client software through the BlackBerry Enterprise Server. However, you must enter a value. Enter any number within the allowed range.
Your Value
Security Context
Select the cuma Security Context that you created at the beginning of the wizard.
Step 2
Select Next. The Server Setup Summary screen appears. Review the information. To change information, select Reset. Select Next.
Step 3 Step 4
Obtain the Cisco Unified Mobile Communicator software .oar file for this release. Cisco Unified Mobile Communicator is provided on a separate CD from Cisco Unified Mobility Advantage, or you can download it from Cisco.com. The CD or downloaded software file contains Cisco Unified Mobile Communicator software for supported mobile phone technologies and information for configuring supported phones. You should be looking at the Handset Platform Management window in the Configuration Wizard.
Procedure
Step 1 Step 2
Browse to or enter the location of the Cisco Unified Mobile Communicator software. Select Next. When the upload is successful, you see a list of the handset platforms and versions of Cisco Unified Mobile Communicator now installed in Cisco Unified Mobility Advantage.
Step 3
Select Next.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-23
Select the arrow beside a country to view the supported mobile service providers in that location. Select the arrow beside a provider to view the devices that provider supports. Select the country, mobile phone service providers, and supported handset models for your deployment. Checking a box selects each box in the list under that entity, whether or not you see the list. Uncheck boxes as needed, or start by checking each device to support. Windows Mobile is currently available in English only. On Nokia Symbian phones, Release 7.0 is available in English, while French, German, Spanish, and Italian are supported in Release 3.x. BlackBerry clients have separate installers for each supported language:
Step 4
Select Next.
Review the configuration summary. Select Reset under any area to make changes to that area. Select Finish. Select No if you see a prompt to start the Managed Server (Cisco Unified Mobility Advantage).
What To Do Next
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-24
Chapter 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage Downloading the Self-Signed Certificate (After Running the Configuration Wizard)
Sign in to the Cisco Unified Mobility Advantage Admin Portal. Select Security Context Management. Select Security Contexts. Select Manage Context beside the cuma security context. This is the first Security Context you created above. Select Download Certificate. Save the file.
Step 5 Step 6
What To Do Next
To Complete essential security configuration. Depending on the security requirements of your other enterprise servers, download certificates from Cisco Unified Mobility Advantage and import them into the relevant servers. Start Cisco Unified Mobility Advantage Activate users
More Information All remaining procedures in Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance.
Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11. Importing Certificates into Cisco Unified Operating System Servers, page 3-16. For other enterprise servers (such as Active Directory or Cisco Unity), see the documentation for those servers.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-25
To Provision devices
More Information
Chapter 15, Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Chapter 16, Deploying Cisco Unified Mobile Communicator on BlackBerry Devices
Give users the information Information to Give to Users, page 14-3 they need in order to use Cisco Unified Mobile Communicator Consider obtaining and deploying a signed certificate on the Cisco Unified Mobility Advantage server This is recommended but not required, and you can do it later, after your system is running and you have tested it. See About Required and Recommended SSL Certificates, page 9-2.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
7-26
CH A P T E R
Use the Cisco Unified Mobility Advantage Admin Portal to manage Cisco Unified Mobility Advantage and Cisco Unified Mobile Communicator. There is no command-line interface access for this release.
Logging In to the Admin Portal, page 8-1 How to Change the Admin Portal Password, page 8-2
You can sign in to the Admin Portal from any computer that has access to the server. The portal is designed for viewing at 96 DPI.
Procedure
Step 1
Open a web browser and enter the Admin Portal URL: http://hostname or IP address of your Cisco Unified Mobility Advantage server:7080/adminportal For example: http://mycompany.com:7080/adminportal
Step 2
Enter the Admin user ID and password. The username is admin and cannot be changed. Select Login to display these options:
Step 3
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
8-1
Description Activate, deactivate, and manage users. Provision new mobile phones and upgrade Cisco Unified Mobile Communicator on mobile phones. Delete Cisco Unified Mobile Communicator data from mobile phones.
Enterprise Configuration
Configure Cisco Unified Mobility Advantage to communicate with Active Directory, Microsoft Exchange, Cisco Unity, Cisco Unified Presence, and Cisco Unified Communications Manager servers. Configure voicemail, call control, and conference integration. View supported mobile phone platforms and versions of Cisco Unified Mobile Communicator installed on your system. Install an upgrade version of Cisco Unified Mobile Communicator. Download Cisco Unified Mobile Communicator to your desktop computer for provisioning purposes.
Start or stop Cisco Unified Mobility Advantage and specify server settings required for operation. View or edit system properties, set configuration information (for log files and calendar and SMTP Server connections), and view a summary of Cisco Unified Mobility Advantage server ports. Manage client-server security within the Cisco Unified Mobility Advantage deployment. Generate and view server statistics and summaries.
Changing the Password from the Admin Portal, page 8-2 Changing the Password Without the Current Admin Portal Password, page 8-3
Sign in to the Admin Portal. Select the [+] beside System Management. Select System Properties. Enter the new password in the Admin Password and Confirm Admin Password fields.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
8-2
Chapter 8
Accessing Cisco Unified Mobility Advantage How to Change the Admin Portal Password
Step 5 Step 6
Use SSH to access the Cisco Unified Mobility Advantage server using your platform administrator credentials. Enter the following command to reset the password:
set password cuma
Step 3
Enter the following command to restart Cisco Unified Mobility Advantage and activate the new password:
utils service restart CUMA Admin
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
8-3
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
8-4
CH A P T E R
This chapter describes the concepts and processes for establishing server identity.
About Secure Connections and SSL Certificates, page 9-1 About Required and Recommended SSL Certificates Explanation of Security Contexts, page 9-4 Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5 Creating Security Contexts, page 9-7 Importing Self-Signed Certificates from Trusted Servers, page 9-10 Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11 How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-12 Certificate Uploads and Downloads, page 9-15 Viewing Certificate Details, page 9-16 Deleting Security Contexts And Certificates, page 9-17
Self-signed certificates are generated from the server; a copy of the certificate must reside on the client. When a client connects to a server, it compares the certificate that the server presents to the copy of the certificate in its own trust store.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-1
Certificates signed by a recognized Certificate Authority (CA) such as VeriSign enable clients to trust servers without having a to import a certificate from each server onto the client, as long as the client recognizes certificates that are signed by the particular Certificate Authority. Certificates can be signed by other authorities, such as an in-house corporate signing authority that guarantees servers within the corporate firewall.
You can also configure each server behind the your corporate firewall to trust the identity of other servers behind the same firewall without explicitly requiring certificates.
A root certificate which declares the identity of the signing Certificate Authority. An intermediate certificate, which is provided by many certificate authorities to accompany a signed certificate. The signed certificate which identifies the server being authenticated.
Certificates signed by a corporate signing authority may also include root and intermediate certificates.
Required and Recommended Signed Certificates, page 9-2 Required and Recommended Self-Signed Certificates, page 9-3
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-2
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage About Required and Recommended SSL Certificates
Necessity Recommended
Description For the Cisco Unified Mobility Advantage server. This certificate prevents users from seeing an Untrusted certificate warning when they access the User Portal. Browsers generate this warning when they connect to a server that does not have a signed certificate.
Do This You must install Cisco Unified Mobility Advantage before you can obtain a signed certificate for this purpose. You can use a self-signed certificate for initial configuration and testing, and then obtain and deploy a signed certificate later. See How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-12.
Upgrades from If you had a signed certificate on the managed server in Cisco Unified Mobility Advantage Release 3.1.2, you may Release 3.x be able to reuse this certificate. See:
Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15 Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15.
Related Topics
About Secure Connections and SSL Certificates, page 9-1 How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance, page 2-8
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-3
Determine the level and type of identity verification that Cisco Unified Mobility Advantage requires from each server and client with which it connects. For example, servers behind your corporate firewall (most enterprise servers with which Cisco Unified Mobility Advantage communicates) may require less stringent identity verification because they are already in a presumably secure environment. Communications with a server in a DMZ (for example, the Cisco Adaptive Security Appliance) generally require stricter identity verification because a DMZ environment is less secure.
Store copies of trusted certificates. Depending on your security choices, certificates that other servers present must match their corresponding certificates stored in the Security Context that you assigned to that server. Store the certificate that Cisco Unified Mobility Advantage presents when identifying itself to other servers. Collect the information needed to create certificates, and use that information to generate certificates to provide to other servers for their store of trusted certificates, or to generate a Certificate Signing Request for a signed certificate.
In general, if you set the Connection Type for an enterprise server to TLS or SSL (secure), you must specify a Security Context for connections with that server. You specify the certificate requirements in the Security Context.
Determine your certificate needs. See How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance, page 2-8.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-4
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage Deploying Self-Signed Certificates for Internal Servers: Example
Procedure
Do This
Step 1
Creating Security Contexts, page 9-7. In Cisco Unified Mobility Advantage, create a Security Context that specifies Trusted Certificates for the Trust Policy. If you followed the instructions for the Configuration Wizard in Chapter 7, Using the Configuration Wizard in Cisco Unified Mobility Advantage, you have already created the cuma Security Context.
Step 2
In System Management > Network Properties, specify the Security Context from Step 1 in this table. If you followed the instructions for the Configuration Wizard, you have already completed this step.
Step 3
Generate a self-signed certificate from Cisco Unified If you followed the instructions for the Mobility Advantage. Configuration Wizard:
Downloading the Self-Signed Certificate (After Running the Configuration Wizard), page 7-25 Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11.
Otherwise:
Step 4 Step 5
Import this certificate to the trust store of the Cisco Adaptive Security Appliance. Generate a self-signed certificate from the Cisco Adaptive Security Appliance. Import this certificate into the trust store of Cisco Unified Mobility Advantage.
Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage, page 2-12. Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14. Importing Self-Signed Certificates from Trusted Servers, page 9-10
Step 6 Step 7
In the Cisco Adaptive Security Appliance, complete Setting up the TLS Proxy, page 2-15 and the remaining configurations remaining procedures in that chapter.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-5
You can use self-signed certificates or certificates signed by an in-house corporate signing authority to verify the identities of servers behind the corporate firewall. This configuration example describes one option to configure security for internal servers, using self-signed certificates. Use the same basic procedure for each enterprise server that supports secure connections.
Before You Begin
We recommend that you verify that all features that you deployed are functioning properly before you introduce security to the configuration. For the following servers, use different instructions instead of this topic:
For Cisco Adaptive Security Appliance, see Deploying Self-Signed Certificates:
page 4-3.
Procedure
Do This
Step 1
In Cisco Unified Mobility Advantage, create a Creating Security Contexts, page 9-7. Security Context that specifies Trusted Certificates for the Trust Policy. You can use this Security Context for all enterprise servers that have the same security requirements. If you followed the instructions for the Configuration Wizard you can use the cuma Security Context.
Step 2
In the Enterprise Adapter for the server, select TLS or SSL as the Transport Type, then specify the Security Context from Step 1 in this table.
Viewing and Changing Enterprise Adapter Settings, page 10-4 Appendix A, Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage
Generate a self-signed certificate from Cisco Unified Downloading Self-Signed Certificates from Mobility Advantage. Cisco Unified Mobility Advantage, page 9-11. Import this certificate to the trust store of the enterprise server. Generate a certificate from the enterprise server. Import this certificate to the trust store of Cisco Unified Mobility Advantage. See the documentation for the server. See the documentation for the server. Importing Self-Signed Certificates from Trusted Servers, page 9-10
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-6
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage Creating Security Contexts
Create a security context for each different type of security you require in order to allow other servers to communicate with Cisco Unified Mobility Advantage. For example, if you require no imported certificates from internal servers and a self-signed certificate from the Cisco Adaptive Security Appliance in the DMZ, create two Security Contexts. If you followed the documentation for the Configuration Wizard, you created these two Security Contexts.
You can use a single security context to govern relationships with multiple servers, if the requirements are the same for all of those servers. You may need to create multiple security contexts in order to satisfy the security requirements of all enterprise servers. For example, some servers may require Cisco Unified Mobility Advantage to present a trusted certificate.
Determine the two-letter ISO country code for the location of your Cisco Unified Mobility Advantage server. Visit http://www.iso.org/iso/country_codes/iso_3166_code_lists/english_country_names_and_code_element s.htm.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5
Sign in to the Cisco Unified Mobility Advantage Admin portal. Select the [+] beside Security Context Management. Select Security Contexts. Select Add Context. Enter information: Field Context Name Description Description Enter a name for the certificate. The name cannot contain spaces or special characters. Enter a description for the certificate.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-7
Description This value determines the type of certificate Cisco Unified Mobility Advantage requires of an enterprise server with which it initiates communication, such as Cisco Adaptive Security Appliance and Cisco Unified Communications Manager. Options are:
Trusted Certificates The other server must present one of the following:
A self-signed certificate that you will have already
corporate signing authority. In this case, you must import the certificates of the signing authority into Cisco Unified Mobility Advantage.
All Certificates Choose this option if you do not want to verify certificates that each server presents. Cisco Unified Mobility Advantage trusts certificates from each server whose enterprise adapter is associated with this Security Context. You do not need to import certificates in this case.
Default All servers must present certificates that are signed by a recognized Certificate Authority.
This setting determines whether Cisco Unified Mobility Advantage requires a certificate from clients or other servers that initiate a connection to it. Typically, communications using the TLS protocol do not require a certificate in this situation. Cisco Unified Mobility Advantage uses the Client Authentication Policy when it is acting as a server (for example, in communications with the Cisco Adaptive Security Appliance.) Options are:
None Cisco Unified Mobility Advantage does not request a certificate from the client. Optional Cisco Unified Mobility Advantage requests but does not require a certificate from the client. Required Cisco Unified Mobility Advantage requires a certificate from the client.
The type of certificate required is specified in the Trust Policy field, described above.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-8
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage Creating Security Contexts
Description Enter the password you want to assign to this certificate. The password must be at least six characters in length. If you are upgrading from Release 3.x and you upload a certificate from Cisco Unified Mobility Advantage Release 3.x, you must enter the same password, which you noted before you performed the upgrade. Note this password in a safe place. You may need it later.
Enter the fully qualified hostname of this server. Enter the name of the department that will be using Cisco Unified Mobility Advantage, if restricted to one department. For the Security Context that you will associate with the Cisco Adaptive Security Appliance, this value must match the OU value you entered when you generated the Certificate Signing Request for the signed certificate from the Cisco Adaptive Security Appliance.
Company Name
Enter your company name. If you will use the information in this Security Context to obtain a signed certificate, use the name under which your company or organization is officially registered to conduct business. VeriSign validates this name against official business registration documents. If the company name includes symbols requiring the shift key, see instructions at your Certificate Authority website.
City State
Enter the city where the department or company is located. Enter the state or province where the city is located. Check with your supported Certificate Authority to determine exact requirements for this value. At publication, the requirements are:
For locations in the United States and Canada, spell out the full name. For example: California (not CA). For other installations, there are no restrictions on this value.
Country Code
Enter the two-letter code for the country where the company is located. You obtained this value while completing the prerequisites for this procedure.
Step 6
Select Submit.
What To Do Next
For each enterprise server that requires a TLS or SSL connection, specify an appropriate Security Context. A single Security Context can be associated with multiple servers if the security requirements are the same for all.
For the Cisco Adaptive Security Appliance: Assign a Security Context on the System
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-9
For other enterprise servers: Assign an appropriate Security Context on the Enterprise Adapter
page for each server. See Appendix A, Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage and Chapter 10, Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage.
If the Trust Policy is Trusted Certificates and you will use self-signed certificates to establish trust:
See Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5
If the Trust Policy is Trusted Certificates and you will use a certificate signed by a nonrecognized authority such as an in-house corporate signing authority:
Follow the procedures at your company to obtain the required certificate chain. Import the certificates into Cisco Unified Mobility Advantage. See Importing Intermediate
Certificates, page 9-14 and Importing Certificates Signed by a Certificate Authority, page 9-15.
Import the root certificate into the trust store of the other server.
If the Trust Policy is Default or Trusted Certificates and you will use a certificate signed by a recognized certificate authority, follow the instructions in How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-12.
To import a self-signed certificate from the Cisco Adaptive Security Appliance. To import self-signed certificates from other enterprise servers, if you specified for any Enterprise Adapter TLS connection, and the associated server will present a self-signed certificate.
Generate a self-signed certificate from each enterprise server whose Enterprise Adapter in Cisco Unified Mobility Advantage has a Security Context that specifies Trusted Certificates for the Trust Policy.
For the Cisco Adaptive Security Appliance, see Generate a Certificate for Cisco Unified
Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14.
For Cisco Unified Communications Manager, see Obtaining a Certificate from Cisco Unified
Communications Manager, page 3-16. The certificate files will be named CallManager.pem and tomcat.pem.
For Cisco Unified Presence, see the documentation for that product.
There are three separate certificates: - sipproxy.pem - tomcat.pem (You can rename this file to a unique name to avoid confusion.) - PresenceEngine.pem
For Cisco Unity Connection, you need the tomcat.pem file. (You can rename this file to a unique
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-10
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage
Identify the name of the Security Context that is associated with the server whose certificate you want to import:
For the Cisco Adaptive Security Appliance: This is the Security Context specified on the
Make sure the Security Context has the Trust Policy set to Trusted Certificates.
Procedure
Step 1 Step 2 Step 3 Step 4
Open the certificate in WordPad (not Notepad). Select the [+] beside Security Context Management in the Admin Portal. Select Security Contexts. Select Manage Context for the Security Context into which you want to import the certificate. If you used the Configuration Wizard, this is the cuma security context. Select Import on the Trusted Certificate(s) line. Enter the certificate name (no spaces). Copy and paste the text from the certificate into the Certificate field. Include the following lines. Make sure that there are no extra spaces at the end. ----BEGIN CERTIFICATE-------END CERTIFICATE---Select Import. Restart Cisco Unified Mobility Advantage.
Step 8 Step 9
Related Topics
Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5
Make sure that a self-signed certificate meets your needs. See Required and Recommended Self-Signed Certificates, page 9-3.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-11
Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server
Create at least one security context. Complete all fields in the form. Note that this procedure is different from the procedure for downloading a keystore file, as described in Certificate Uploads and Downloads, page 9-15 and Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14.
Procedure
Step 1 Step 2 Step 3 Step 4
Select the [+] beside Security Context Management. Select Security Contexts. Select Manage Context beside the security context that holds the certificate to download. Select Download Certificate. If the certificate is a chain (has associated root or intermediate certificates), only the first certificate in the chain is downloaded. This is sufficient for self-signed certificates.
Step 5
Related Topics
About Secure Connections and SSL Certificates, page 9-1 Creating Security Contexts, page 9-7 Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5 Downloading the Self-Signed Certificate (After Running the Configuration Wizard), page 7-25
What To Do Next
For the Cisco Adaptive Security Appliance: See Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage, page 2-12. For Cisco Unity: See the documentation for the Internet Information Server (IIS) on the platform on which Cisco Unity is installed. For other Cisco products: See Importing Certificates into Cisco Unified Operating System Servers, page 3-16. For other servers: See the documentation for each server for instructions.
How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server
Obtaining and Deploying a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-13 Creating a Certificate To Be Signed by a Certificate Authority, page 9-13 Importing Intermediate Certificates, page 9-14 Importing Certificates Signed by a Certificate Authority, page 9-15
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-12
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server
Obtaining and Deploying a Signed Certificate for the Cisco Unified Mobility Advantage Server
There are two ways to obtain signed certificate, depending on your situation: To (If you upgraded from Release 3.1.2) Determine whether you can re-use an existing signed certificate Obtain a signed certificate for Cisco Unified Mobility Advantage Do This See Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15. Follow these procedures in order, as applicable:
1. 2. 3.
Creating a Certificate To Be Signed by a Certificate Authority, page 9-13 Importing Intermediate Certificates, page 9-14 Importing Certificates Signed by a Certificate Authority, page 9-15
Related Topics
Determine your certificate needs. See About Required and Recommended SSL Certificates, page 9-2. Visit the web site of your Certificate Authority (VeriSign or GeoTrust) to determine the process and requirements for purchasing a signed certificate. We recommend that you become generally familiar with the policies of the Certificate Authority. For example, check the requirements for extending the certificate so that you maintain the necessary records.
Procedure
Step 1
Create or navigate to a security context that is associated with a server which requires a signed certificate. If you followed the instructions for the Configuration Wizard, use the cuma Security Context. Select Manage Context. Select Retrieve CSR to generate a Certificate Signing Request. The CSR appears.
Step 2 Step 3
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-13
Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server
Step 4
Follow the instructions on the web site of the Certificate Authority to purchase the signed certificate. You will need the CSR you just retrieved. You will receive an email message with the signed certificate information. This process may take up to 24 hours. Note your certificate password in a safe place for future reference.
Step 5
What To Do Next
When you receive the signed certificate from the Certificate Authority, follow the instructions in Importing Intermediate Certificates, page 9-14.
Determine whether your Certificate Authority requires an intermediate certificate. Follow the procedure in Creating a Certificate To Be Signed by a Certificate Authority, page 9-13. Receive the signed certificate by email from the Certificate Authority. This email message may also contain information about an intermediate certificate if one is required. Review any instructions from the Certificate Authority. Identify the name of the Security Context that is associated with the server that requires a signed certificate from Cisco Unified Mobility Advantage. For the Cisco Adaptive Security Appliance, this is the Security Context specified on the System Management > Network Properties page. You must import the certificate into this Security Context.
Procedure
Step 1 Step 2 Step 3
Select the [+] beside Security Context Management. Select Security Contexts. Select Manage Context beside the Security Context into which you will import the signed certificate. If you followed the instructions for the Configuration Wizard, this will be the cuma Security Context. Select Import in the Trusted Certificates bar. Paste the intermediate certificate text. Name the certificate. Select Import.
What To Do Next
Import the signed certificate. See Importing Certificates Signed by a Certificate Authority, page 9-15.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-14
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage Certificate Uploads and Downloads
Follow the procedure in Creating a Certificate To Be Signed by a Certificate Authority, page 9-13. Receive the signed certificate by email from the Certificate Authority. This email message may also contain information about an intermediate certificate if one is required. Review any instructions from the Certificate Authority. Identify the name of the Security Context that is associated with the server that requires a signed certificate from Cisco Unified Mobility Advantage. For the Cisco Adaptive Security Appliance, this is the Security Context specified on the System Management > Network Properties page. You must import the certificate into this Security Context. Import the intermediate certificate, if required. See Importing Intermediate Certificates, page 9-14
Procedure
Step 1 Step 2 Step 3
Select the [+] beside Security Context Management. Select Security Contexts. Select Manage Context beside the Security Context into which you will import the certificate. If you followed the instructions for the Configuration Wizard this will be the cuma Security Context. Select Import CA Reply. Name the certificate. Paste the certificate text. Select Import. You do not need to import a signed certificate for Cisco Unified Mobility Advantage into any other server.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-15
Details If you have an existing signed certificate that is valid for this server, you can upload the existing certificate instead of creating a new certificate. Supported file formats are JKS and PKCS12. The security context into which you upload the certificate cannot have the Trust Policy set to All Certificates. Uploading is different from importing certificates from trusted servers.
Downloading certificates
This process downloads a keystore file in PKCS12 format. Do not use this process for generating self-signed certificates.
Related Topics
Uploading the Proxy Server Certificate to Release 7.x, page 5-13 Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14 Importing Self-Signed Certificates from Trusted Servers, page 9-10 Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11
Procedure
1. 2. 3. 4.
Navigate to the Security Context that holds the certificate. Select Manage Context. Look at the server certificate information in the Key Entry section. Select View Certificate Chain to view any intermediate and root certificates associated with this server certificate.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-16
Chapter 9
Managing Server Security in Cisco Unified Mobility Advantage Deleting Security Contexts And Certificates
Procedure
1. 2. 3.
Navigate to the Security Context that holds the certificate. Select Manage Context. Select the [+] beside the certificate name under Trusted Certificates. Select the [+] beside Security Context Management. Select Certificate Utility. Browse to the certificate. Select the certificate type. Enter the certificate password. Select View.
1. 2. 3. 4. 5. 6.
To Delete A security context and any associated certificates. You cannot delete a security context that is specified in any Enterprise Adapter or the Network Properties page.
Do This
1.
Consider downloading and saving any signed certificates associated with this security context. Be sure to use the Download button, not the Download Certificate button. Select the [+] beside Security Context Management. Select Security Contexts. Select Delete beside the appropriate security context. Navigate to the Security Context that holds the certificate. Select Manage Context. Select Delete beside the certificate name under Trusted Certificates.
2. 3. 4.
1. 2. 3.
Related Topics
Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-17
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
9-18
CH A P T E R
10
Configure Cisco Unified Mobility Advantage to connect to the other servers in your network. Enterprise Adapters manage the information needed to allow Cisco Unified Mobility Advantage to connect to other enterprise servers that provide features and functionality. You can configure this information in the Configuration Wizard, or in the Admin Portal using the instructions in this chapter.
Configuring Connections to Clients through the Cisco Adaptive Security Appliance, page 10-1 Adding a New Enterprise Adapter, page 10-3 Viewing and Changing Enterprise Adapter Settings, page 10-4 Deleting an Enterprise Adapter, page 10-5 Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage, page 10-5
You will need the Proxy Host Name that you obtained in Obtaining IP Addresses and DNS Names from IT, page 1-3. You will need the port numbers you noted in Opening Firewall Ports, page 1-5. Create a security context that establishes the type of identity verification that Cisco Unified Mobility Advantage will require from the Cisco Adaptive Security Appliance. See Creating Security Contexts, page 9-7. If your Cisco Adaptive Security Appliance is in the DMZ, we recommend the overall configuration described in Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
10-1
Chapter 10 Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage Configuring Connections to Clients through the Cisco Adaptive Security Appliance
Stop Cisco Unified Mobility Advantage if it is running. See Stopping Cisco Unified Mobility Advantage, page 11-1.
Procedure
Step 1 Step 2 Step 3
Select the [+] beside System Management. Select Network Properties. Enter information: Setting Proxy Host Name Description Host name that clients will use to connect through the Cisco Adaptive Security Appliance to Cisco Unified Mobility Advantage. The hostname must be routable from the Internet. The Proxy Host Name should resolve to the external IP address that you received from your IT administrator. Proxy Client Connection Port Proxy Client Download Port The port that is used for secure communications between the Cisco Unified Mobile Communicator client and the Cisco Adaptive Security Appliance. The port through which clients connect to the Cisco Adaptive Security Appliance for wireless downloads of Cisco Unified Mobile Communicator. This field is not used for BlackBerry clients. However, you must enter a value even if you will deploy only to BlackBerry devices. Managed Server Information Client Connection Port The port that Cisco Adaptive Security Appliance uses to connect to Cisco Unified Mobility Advantage. The Cisco Adaptive Security Appliance translates this port to the Proxy Client Connection Port for Cisco Unified Mobile Communicator client connections to the Cisco Adaptive Security Appliance. User Portal Port The port users will use to access the Cisco Unified Mobile Communicator User Portal. The range is 9400-9500. The default is 9443. For security, this port should be available only behind your corporate firewall. Your Value
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
10-2
Chapter 10
Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage Adding a New Enterprise Adapter
Description The port on which users will download the client software. This port is translated to the Proxy Client Download Port for client connections to the Cisco Adaptive Security Appliance. This field is not used for BlackBerry clients. However, you must enter a value even if you will deploy only to BlackBerry devices.
Your Value
Security Context
Select the Security Context that governs connections with the Cisco Adaptive Security Appliance.
Step 4 Step 5
Select Submit. Start Cisco Unified Mobility Advantage (in Server Controls > Cisco > Control Server) when you are done making configuration changes.
Prepare the information you will need in order to configure the adapter or adapters you need. See
About Active Directory Enterprise Adapter Settings, page A-1 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6 About Cisco Unified Presence Enterprise Adapter Settings, page A-10 About Microsoft Exchange Enterprise Adapter Settings, page A-11 About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5
Select the [+] beside Enterprise Configuration. Select Enterprise Adapters. Select Add new adapter. Enter or select the requested information. Select Submit.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
10-3
Select the server you have added. Enter a name and description. Select Submit. Do the following for each tab:
a. b.
Enter configuration information using the information you gathered while completing the prerequisites for this procedure. For Release 7.0(2): Select Test Config to make sure the connection settings you entered are valid. Look for the test result at the top of the page, just below the tabs. Correct any errors indicated. Select Submit.
c. Step 10
Restart Cisco Unified Mobility Advantage when you are done making configuration changes.
Prepare the information you will need in order to configure the adapter or adapters you need. See
About Active Directory Enterprise Adapter Settings, page A-1 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6 About Cisco Unified Presence Enterprise Adapter Settings, page A-10 About Microsoft Exchange Enterprise Adapter Settings, page A-11 About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14
Stop Cisco Unified Mobility Advantage before you make changes. See Stopping Cisco Unified Mobility Advantage, page 11-1.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
Select the [+] beside Enterprise Configuration. Select Enterprise Adapters. Locate the adapter you want to view or change, and then select Edit. Select the appropriate tab. Change settings as desired. For Release 7.0(2): Check your configuration:
a. b. c.
Select Test Config for each tab to make sure the connection settings you entered are valid. Look for the test result at the top of the page, just below the tabs. Correct any errors indicated.
Step 7
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
10-4
Chapter 10
Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage Deleting an Enterprise Adapter
Select the [+] beside Enterprise Configuration. Select Enterprise Adapters. Locate the adapter to be deleted, and select Delete next to it. You may see a notice that you need to stop Cisco Unified Mobility Advantage before you can delete the adapter.
Follow this procedure if you are using Cisco Unified Communications Manager Release 4.x. If you have a different release of Cisco Unified Communications Manager, see Configuring Directory Lookup Rules in Cisco Unified Communications Manager, page 3-8 instead.
Before You Begin
Recommended Directory Lookup Settings, page 3-7 Directory Lookup Settings, page A-8
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7
Select the [+] beside Enterprise Configuration. Select Enterprise Adapters. Select Edit beside your Cisco Unified Communications Manager adapter. Select Directory Lookup Settings. Select Add New Rule. Enter specifics for the rule. Select Submit.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
10-5
Chapter 10 Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage
Step 8 Step 9
Repeat Step 5 through Step 7 to add rules to account for all possible successful calls for all users in your system. Select the up or down arrow beside each rule in the list to order the rules so that no rule is inadvertently applied when a different rule should be applied first. For example, if the number of digits in the number is the same, a rule for a number beginning with 823 must be above a rule for a number beginning with 82, otherwise numbers beginning with 823 would all be processed by the rule for numbers beginning with 82.
Step 10
Related Topics
Configuring Directory Lookup Rules in Cisco Unified Communications Manager, page 3-8
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
10-6
CH A P T E R
11
Use these procedures to stop and start the server, to back up and maintain the server.
Starting Cisco Unified Mobility Advantage, page 11-1 Stopping Cisco Unified Mobility Advantage, page 11-1 Viewing Version and Configuration Information, page 11-2 Accessing the Cisco Unified Operating System Administration Portal, page 11-2 Backing Up Your Cisco Unified Mobility Advantage Server, page 11-3
Sign in to the Cisco Unified Mobility Advantage Admin Portal. Select the [+] beside Server Controls. Select Cisco. Select Control Server. Select Start next to Change Status. Cisco Unified Mobility Advantage has started when Server Status changes to Running.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
11-1
Consider warning users that you will restart the system, that they will lose access, and that they must sign in again to Cisco Unified Mobile Communicator after you restart.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5
Sign in to the Admin Portal. Select the [+] beside Server Controls. Select Cisco. Select Control Server. Select Stop next to Change Status. Cisco Unified Mobility Advantage is stopped when Server Status changes to Not Running.
To View The installed version of Cisco Unified Mobility Advantage A summary of the ports and other configuration information for Cisco Unified Mobility Advantage The installed version of Cisco Unified Mobile Communicator on a client
Do This Select the [+] beside System Management, then select System Properties. Select the [+] beside System Management, then select Configuration Summary. In the Admin Portal:
1. 2. 3.
Select the [+] beside End Users, then select Search/Maintenance. Select Edit for the user. Select Phone Maintenance. Select Menu > Help > About.
On the client:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
11-2
Chapter 11
Managing and Maintaining the Cisco Unified Mobility Advantage Server Backing Up Your Cisco Unified Mobility Advantage Server
You will need the platform administrator sign-in credentials you entered during installation. These are distinct from the Admin Portal sign-in credentials.
Procedure
Step 1 Step 2 Step 3 Step 4
Go to the Admin Portal URL, or sign out of the Admin Portal if you are signed in. Select Cisco Unified OS Administration from the list box at the top right of the page. Select Go. Sign in.
The backup destination volume must be on the network and accessible through SFTP. The account that is used to access the SFTP server on which the backup is stored must have write permission for the selected path on that volume. Keep in mind that you will need to restore the backup to a server that has the identical version of the operating system and Cisco Unified Mobility Advantage installed.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7
Go to the Admin Portal URL: Select Disaster Recovery System from the list box at the top right of the page. Select Go. Sign in with the platform credentials you entered while installing Cisco Unified Mobility Advantage. Select Backup > Backup Device. Select Add New. Enter information about your backup server: Option Backup Device Name Value Enter a name that contains only alpha numeric characters, spaces ( ), dashes (-) and underscores (_). No other characters are allowed. You will use this value to specify this server in subsequent steps. Select Destination Network Directory
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
11-3
Value IP address or hostname of the backup server Location on the backup server of the directory where you want to store the .tar file that holds your backup. Use a unique directory for each server to back up. Credentials to access the server. Specify a value high enough to ensure that the backups you want to keep are not overwritten.
Step 8 Step 9
Select Save. Back up: To Back Up Manually Automate on a schedule Do this Select Backup > Manual Backup. Select Backup > Scheduler.
Step 10
Related Topics
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
11-4
CH A P T E R
12
Enable features and their options in Cisco Unified Mobility Advantage. Be sure to perform the prerequisites noted at the beginning of each procedure.
Enabling Device ID Checking, page 12-1 Enabling Call Log Monitoring and Configuring Options, page 12-2 Enabling the Dial-Via-Office Feature and Options, page 12-3 Enabling and Configuring Voicemail, page 12-4 Enabling Conference Notifications, page 12-5 Enabling Exchange of Presence, page 12-5 Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6 Modifying the Maximum Search Results, page 12-7
This feature is not available for Release 3.x clients. You must configure each user on a Release 3.x client as follows: In End users > Search/Maintenance, set Allow any Device on the Device Identity Maintenance page for the user to True. Some mobile phone service providers cannot support this feature. For details, see the Restrictions and Limitations section of the Release Notes for this release at http://www.cisco.com/en/US/products/ps7270/prod_release_notes_list.html.
Procedure
Step 1 Step 2 Step 3 Step 4
Select the [+] beside System Management. Select System Properties. Set Enforce Device ID Check to True. Select Submit.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
12-1
Step 5
What To Do Next
Configure the account of each user, regardless of device. See Restricting Access By Device, page 14-2.
Configure requirements for supporting this feature. See How to Configure Call Log Monitoring, page 3-1.
Procedure
Step 1 Step 2 Step 3 Step 4
Select the [+] beside Enterprise Configuration. Select Manage Adapter Services. Select Call Control Service. Enter information: Setting Enable Corporate PBX Integration Description Select Yes to allow Cisco Unified Mobile Communicator users to view lists of calls they make and receive on all of their office phones. Select No to allow Cisco Unified Mobile Communicator users to view only the calls they make and receive on Cisco Unified Mobile Communicator. If you set this to No, you will also disable the Dial-via-Office feature. Maximum Expiry of Call Enter the maximum number of days that users can keep call log data on their mobile phones before automatic cleanup. Logs (days)
Step 5 Step 6
Select Submit. Stop and then start Cisco Unified Mobility Advantage.
Related Topics
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
12-2
Chapter 12
Enabling Features and Options in Cisco Unified Mobility Advantage Enabling the Dial-Via-Office Feature and Options
This feature is supported only with certain versions of Cisco Unified Communications Manager. Check the Compatibility Matrix for supported versions: http://www.cisco.com/en/US/products/ps7270/products_device_support_tables_list.html. This feature is not supported for Cisco Unified Mobility Advantage Release 3.x clients.
Configure requirements for supporting this feature. See How to Configure Dial Via Office, page 3-9.
Procedure
Step 1 Step 2 Step 3 Step 4
Select the [+] beside Enterprise Configuration. Select Manage Adapter Services. Select Call Control Service. Set options: Setting Enable Corporate PBX Integration Description Select Yes to provide the Dial-via-Office feature for Cisco Unified Mobile Communicator. If you set this to No, you will also disable office phone call log viewing capabilities. Enable Dial via Office Dial Via Office Policy Select Yes or No. Select an option:
Force Dial Via Office to require all users to make all mobile phone calls via their office numbers. If calls cannot be dialed via office for any reason, they can be dialed directly from the mobile device.
User Option to allow users to choose which calls they dial direct and which they dial via office.
Specify numbers that will always be dialed direct from the mobile phone and never via the corporate PBX system. Separate the list with a comma between each number. Enter the numbers as they would be dialed directly from the mobile phone, for example 112,911,999. These should include emergency numbers and can include numbers such as directory information. Include emergency numbers from all countries to which your users will travel.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
12-3
Step 5 Step 6
Select Submit. Stop and then start Cisco Unified Mobility Advantage.
Related Topics
How to Solve Problems With the Dial Via Office Feature, page 19-10
Deploy your voicemail server and verify that it works independently of Cisco Unified Mobility Advantage. If applicable, configure Cisco Unity to allow Cisco Unified Mobility Advantage to provide secure voice messages to clients. See How to Install and Configure Voicemail Web Services at http://www.cisco.com/en/US/docs/voice_ip_comm/cupa/visual_voicemail/7.0/english/install/guide /install.html#wp1095897. Voicemail Web Services is a separate installer and was introduced in Cisco Unity Release 7.0(2) ES21. Configure an enterprise adapter for your voicemail server. See About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14 Make sure the DTMF code for accessing voicemail is unique in Cisco Unified Communications Manager. See Important Information About DTMF Access Codes, page 3-12.
Procedure
Step 1 Step 2 Step 3 Step 4
Select the [+] beside Enterprise Configuration. Select Manage Adapter Services. Select Voicemail Service. Enter information: Setting Enable Corporate Voicemail Integration Description Select whether or not Cisco Unified Mobility Advantage connects to your corporate voicemail system and provides voicemail viewing and downloading capabilities on Cisco Unified Mobile Communicator.
Maximum Expiry of Voicemails Enter the maximum number of days that voice messages will be (days) listed in Cisco Unified Mobile Communicator.
Step 5 Step 6
Select Submit. Stop and then start Cisco Unified Mobility Advantage.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
12-4
Chapter 12
Enabling Features and Options in Cisco Unified Mobility Advantage Enabling Conference Notifications
Related Topics
Select the [+] beside Enterprise Configuration. Select Manage Adapter Services. Select Conference Service. Select whether or not Cisco Unified Mobility Advantage provides conference notifications and viewing capabilities on Cisco Unified Mobile Communicator. Do not change the other options unless users are experiencing problems with conferencing notifications. Select Submit. Stop and then start Cisco Unified Mobility Advantage.
Step 5 Step 6
Related Topics
Conference Alerts Not Arriving Correctly, page 19-16 Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6
Chapter 4, Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage Configuring an enterprise adapter for Cisco Unified Presence. See About Cisco Unified Presence Enterprise Adapter Settings, page A-10. Configuring a Presence Account for Each User in Cisco Unified Communications Manager, page 3-24
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
12-5
Chapter 12 Obtaining Calendar Information for Meeting Notifications and Presence Integration
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
Select the [+] beside Enterprise Configuration. Select Manage Adapter Services. Select Presence Service. Set Enable Presence Service to Yes. Select Submit. Stop and then start Cisco Unified Mobility Advantage.
Related Topics
How to Solve Problems with Availability Status (Presence), page 19-14 Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6
Note
Cisco recommends that you do not change the settings below unless users are experiencing problems that can be clearly tied to these settings.
Before You Begin
Make sure that you have enabled Outlook integration in Cisco Unified Presence. See the documentation for Cisco Unified Presence, for example the Integration Note for Configuring Cisco Unified Presence Release 7.0 with Microsoft Exchange at http://www.cisco.com/en/US/docs/voice_ip_comm/cups/7_0/english/integration_notes/ExchInt.html.
Procedure
Step 1 Step 2 Step 3 Step 4
Select the [+] beside Enterprise Configuration. Select Manage Adapter Services. Select Conference Service. Enter information: Item Polling Period (sec) Description Polling period for the calendar in seconds. Default 600
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
12-6
Chapter 12
Enabling Features and Options in Cisco Unified Mobility Advantage Modifying the Maximum Search Results
Description Maximum number of concurrent threads used to fetch appointments. Amount of scan ahead time used by the server to scan conference appointments ahead of time.
Default 25 10
Step 5 Step 6
Select Submit. Stop and then start Cisco Unified Mobility Advantage.
Select the [+] beside System Management. Select System Properties. Enter the number of results to display in Max Search Results. Stop and then start Cisco Unified Mobility Advantage.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
12-7
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
12-8
CH A P T E R
13
Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage
Revised Date: April 17, 2009
Use the information in this chapter to make client software available for use and upgrade, and to set provisioning and connection options.
How to Make Client Software Available for Use, page 13-1 How To Manage Client Software, page 13-3 How To Control User Access, page 13-5
Obtaining Client Software and Upgrades, page 13-1 Uploading a Cisco Unified Mobile Communicator Release, page 13-2 Determining Supported Devices and Service Providers, page 13-2
Cisco Unified Mobile Communicator software files Information about supported service providers Information about supported mobile phone models and operating system versions
You can obtain the .oar file on disk or download it from Cisco.com using the procedure below.
Procedure
Step 1
Visit:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
13-1
Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage
Download the relevant client release to a volume that is accessible from your Cisco Unified Mobility Advantage server.
What To Do Next
Upload this .oar file into Cisco Unified Mobility Advantage to enable users to install individual clients. See Uploading a Cisco Unified Mobile Communicator Release, page 13-2.
Obtain the client software. See Obtaining Client Software and Upgrades, page 13-1.
Procedure
Step 1 Step 2 Step 3
Select the [+] beside Handset Platform Management. Select Upload New Version. Select Browse and locate the Cisco Unified Mobile Communicator release. This file has a .oar filename extension. Select Submit. When the upload is complete, you will see a summary of the supported clients Select Here to exit the summary.
Step 4
Step 5
Perform the operation in Uploading a Cisco Unified Mobile Communicator Release, page 13-2.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
13-2
Chapter 13
Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage How To Manage Client Software
Procedure
Step 1 Step 2 Step 3 Step 4
Select the [+] beside Handset Platform Management. Select Provisioning Management. Select Provisioning Configuration. Select a country to view supported service providers there. For Release 7.0(2): Choose Other if you do not see your country. Select a service provider to view the devices that that provider supports. For Release 7.0(2): Choose Other if you do not see your provider. Nokia Symbian clients include Release 7.0 (for English) and Release 3.x (for other languages.) BlackBerry devices that run Release 3.x client software languages other than English are followed by a code that indicates the language:
Step 5
Step 6
Select each country, service provider, and device to support. Selecting an entity selects each item in the list under that entity, whether or not you see the list. Deselect items as needed, or start by selecting each device to support.
Step 7
Select Submit.
What To Do Next
Installing the Client on Nokia Symbian Phones from Your Computer, page 17-3 Chapter 15, Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Chapter 16, Deploying Cisco Unified Mobile Communicator on BlackBerry Devices How to Make the Client Application Available to Users, page 16-3.
Viewing Your Uploaded Cisco Unified Mobile Communicator Versions, page 13-3 Managing Support for Obsolete Devices, page 13-4
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
13-3
Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage
Procedure
Step 1 Step 2 Step 3
Select the [+] beside Handset Platform Management. Select Version Management. View information: Field Installer Description Installer for the specified country, service provider, device model, and language, if any are specified. For BlackBerry, each language requires a different installer. For Nokia Symbian, there are separate choices for Release 7.0 and for Release 3.x. The installation method and the installation instructions displayed during provisioning may differ between different installers for the same generic platform. Platform Version Operating system of the mobile device Installed version of Cisco Unified Mobile Communicator for the selected platform.
Related Topics
Notify affected users that Cisco Unified Mobility Advantage no longer supports their devices, that you will disable Cisco Unified Mobile Communicator on those devices, and that the users will no longer be able to use Cisco Unified Mobile Communicator or access any personal contact information or information in text messages.
Procedure
Step 1 Step 2 Step 3 Step 4
Select the [+] beside Handset Platform Management. Select Provisioning Management. Select Unsupported Phone Maintenance. Select a phone model in the list, or enter a phone model and select Search.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
13-4
Chapter 13
Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage How To Control User Access
Step 5
Delete all unsupported devices, or select individual users and delete their devices.
Changing the PIN Expiry Period (For Client Downloads), page 13-5 Changing Required Frequency for Signing In, page 13-5
Select the [+] beside System Management. Select System Properties. Enter a number for Max PIN Expiry (days). Restart Cisco Unified Mobility Advantage.
Select the [+] beside System Management. Select System Properties. Enter a number of days for the Session Timeout. Restart Cisco Unified Mobility Advantage.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
13-5
Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
13-6
CH A P T E R
14
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage
Revised Date: April 17, 2009
Use the information in this chapter to perform operations for each user and for devices associated with each user.
How To Add Users and Prepare to Add Their Devices, page 14-1 How To View or Change User and Device Configuration, page 14-4
Activating Users, page 14-1 Restricting Access By Device, page 14-2 Information to Give to Users, page 14-3
Activating Users
You must activate users in Cisco Unified Mobility Advantage before they can install the client.
Before You Begin
Make sure each user is in an Active Directory server for which you have configured an adapter. Each user must have an activated email account on the network. Make sure that your Cisco Unified Mobility Advantage system is fully configured, enterprise servers are configured and operational, and desired features supported by your system are enabled and configured. (BlackBerry only) Configure the BlackBerry Enterprise Server for use with Cisco Unified Mobility Advantage. See How to Configure the BlackBerry Enterprise Server for Use With Cisco Unified Mobility Advantage, page 16-1.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
14-1
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage
Procedure
Step 1 Step 2 Step 3
Sign in to the Admin Portal. Select the [+] beside End Users. Select User Activation/Deactivation. Inactive users appear in the Search Results list. Activated users appear in the Member List. Select a directory to search using the Find Users In drop-down menu. Enter a name or partial name in the Search For field, or leave the field blank to produce every name in the selected directory. Select Search. Found names appear in the Search Results window.
Note
Search looks for unactivated users only. A maximum of 1,000 inactive users can be listed. If you do not see the user you want to activate in the list, refine your search. To search for activated users, you must manually scroll through the list. The list of active users is not limited to 1,000. Select a name or names to activate in the Search Results list. Control-click to select multiple names. Select Add. The user or users are placed in the active Member List. Select Submit.
Step 7
Step 8
Step 9
What To Do Next
Set options to restrict access by device. See Restricting Access By Device, page 14-2. (Cisco Unified Mobility Advantage Release 7.0 only) By default, new users of Release 3.x clients will not be able to connect.
Do not enable this feature for users of Release 3.x clients. Some mobile phone service providers cannot support this feature. For details, see the Restrictions and Limitations section of the Release Notes for this release at http://www.cisco.com/en/US/products/ps7270/prod_release_notes_list.html.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
14-2
Chapter 14
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage How To Add Users and Prepare to Add Their Devices
Enable this feature for the system. See Enabling Device ID Checking, page 12-1.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
Select the [+] beside End Users. Select Search Maintenance. Search for a user Select Edit for the user. Select Device Identity Maintenance. Set these settings: Option Allow Any Device Description Select True:
To allow any device to connect with the credentials of this user. If the service provider does not support this feature, as described in the Restrictions section of this topic. If the user will use Release 3.x of the client application.
Select False to allow only the phone having the IMEI/ESN Number you specify to connect. IMEI/ESN Number If you chose False above, enter the IMEI/ESN Number of the mobile phone, or the user will not be able to connect.
Step 7
Select Submit.
What To Do Next
Chapter 15, Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Chapter 17, Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones Provisioning and Installing on BlackBerry Devices, page 16-9
Their user IDs and passwords to sign in to the User Portal and Cisco Unified Mobile Communicator. The URL of the User Portal The User Portal URL follows this example: https://192.0.2.100:9443/jsp/index.jsp, where 192.0.2.100 is the IP address of your Cisco Unified Mobility Advantage server and 9443 is the value you entered for User Portal Port in the Network Properties page.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
14-3
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage
User documentation or a link to it. See: http://www.cisco.com/en/US/products/ps7271/products_user_guide_list.html. Each device type has a slightly different set of user documentation. Instructions about which installation procedures in the documentation they need to follow in order to complete Cisco Unified Mobile Communicator setup, particularly if you have performed some of the procedures yourself. The format users should use to enter their phone numbers when adding and provisioning their phones. For example, with or without a country code, parentheses, hyphens, or spaces, depending on how phone numbers are configured in Cisco Unified Communications Manager. (For users of BlackBerry devices) The Admin email address that you entered while configuring the connection to the SMTP server, plus the instructions for configuring Microsoft Outlook so that it does not route provisioning and alert messages to the Junk Mail folder. (For upgrades from Release 3.x only) Notify existing users that:
If voicemail credentials differ from Cisco Unified Mobile Communicator credentials, users
must enter their voicemail usernames and passwords in the User Portal before they can access voicemail from their mobile devices. Users can always access their voicemail from other standard methods, such as from their desk phones.
BlackBerry users should upgrade their client software. Users of Nokia Symbian phones who use the French, German, Spanish, or Italian client do not
in order to use the new features. However, they cannot use the standard upgrade procedure. Instead, they must delete their existing phones from the User Portal, then add their phones again as new phones. When they sign in to the new client, their data will be restored on the new client. For best results, they should connect to the server immediately before they delete their phones in order to ensure that no data that was added to their client since the last connection is lost.
Related Topics
Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail, page 16-8
Viewing User Information, page 14-5 Changing the Active Directory Organizational Unit for Users, page 14-5 Viewing Phone and Connection Information Per User, page 14-6 Changing or Deleting a Mobile Device, Number, or Service Provider, page 14-7 Desk Phone Number Changes, page 14-8 Removing Cisco Unified Mobile Communicator Data from a Phone, page 14-8 Forcing a User to Sign Out of Mobile Communicator, page 14-8 Deactivating a User, page 14-9
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
14-4
Chapter 14
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage How To View or Change User and Device Configuration
Select the [+] beside End Users. Select Search/Maintenance. Search for the user by scrolling through the list or by searching by name or mobile phone number and selecting Search. Select Edit. View information:
User address Status in the system (Active or Inactive) User OU (Organization Unit in Active Directory) User Contact Server (Exchange server) Information about active mobile phones.
Related Topics
Viewing Phone and Connection Information Per User, page 14-6 Changing the Active Directory Organizational Unit for Users, page 14-5
Select the [+] beside End Users. Select Search/Maintenance. Search for the user by scrolling through the list or by searching by name or mobile phone number and selecting Search. Select Edit next to the user ID. Select Change Organizational Unit. Select Change. Enter information. Select Change.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
14-5
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage
Select the [+] beside End Users. Select Search/Maintenance. The Search/Maintenance page displays activated users. Locate the user and choose Edit. View the keep-alive interval for each phone in the list. Cisco Unified Mobile Communicator automatically adjusts the timeout interval to prevent unintended disconnects.
Step 3 Step 4
Step 5 Step 6
Select Info for the phone you want to view. View information: Download Information User ID PIN (Windows Mobile and Nokia Symbian only) URL (Windows Mobile and Nokia Symbian only) Download Description The User ID that the user will use to sign in to Cisco Unified Mobile Communicator. The PIN number the user will use to wirelessly download Cisco Unified Mobile Communicator. This PIN is automatically generated and expires after the number of days you specify in System Management > System Properties. The URL the user will enter into the phone browser to wirelessly download Cisco Unified Mobile Communicator. Select this button to download the client application to a computer for transfer to the mobile device using an application such as ActiveSync (for Windows Mobile) or Nokia PC Suite (for Nokia Symbian phones.) The world-routable host name the user will enter into Cisco Unified Mobile Communicator to connect to Cisco Unified Mobility Advantage. This is the same as the Proxy Host Name in System Management > Network Properties. Server Port The externally-accessible port that the user will enter into the phone for Cisco Unified Mobile Communicator to connect to Cisco Unified Mobility Advantage.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
14-6
Chapter 14
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage How To View or Change User and Device Configuration
Description Some service providers, particularly in the United States, require or recommend that users access the internet through a portal that the service provider provides. This information is provided in the .oar file.
Phone Information Country Service Provider Phone Make/Model Phone Number Client Software Version Country of the phone service provider Service provider for the phone Phone make and model Phone number Cisco Unified Mobile Communicator version installed on the phone
Related Topics
Changing the PIN Expiry Period (For Client Downloads), page 13-5
Make sure the user has salvaged information from Cisco Unified Mobile Communicator, such as manually-added contacts or copies of text messages.
Procedure
Do This
Step 1
See Instructions:
(If the phone number has changed) Configure Configuring Cisco Unified Mobile Cisco Unified Communications Manager with the Communicator Devices in Cisco Unified new number. Communications Manager, page 3-21 Delete the existing mobile device. This also removes all data from the device and deactivates Cisco Unified Mobile Communicator. This procedure deletes the phone from Cisco Unified Mobility Advantage. Removing Cisco Unified Mobile Communicator Data from a Phone, page 14-8
Step 2
Step 3
Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage, page 15-1 Provisioning and Installing on BlackBerry Devices, page 16-9 Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network, page 17-2
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
14-7
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage
Related Topics
You can force a user to sign out of Cisco Unified Mobile Communicator. You can tell users to sign out by selecting Work offline (for BlackBerry or Nokia Symbian clients) or Log off (for Windows Mobile) from the Home view menu. (They must select Work online or Log on to log back in.)
Related Topics
Select the [+] beside End Users. Select Search/Maintenance. Locate the user and select Edit. Locate the phone from which you want to remove data and select Melt.
You add or change an office phone for the user in Cisco Unified Communications Manager. A user cannot find the phone, but does not believe that the phone is lost.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
14-8
Chapter 14
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage How To View or Change User and Device Configuration
Procedure
Step 1 Step 2 Step 3 Step 4
Select the [+] beside End Users. Select Search/Maintenance. Locate the user in the list and select Edit. Locate the phone from which you want to force the user to sign out, and select Force Logout.
Deactivating a User
Procedure
Step 1 Step 2
Select the [+] beside End Users. Select User Activation/Deactivation. The User Activation/Deactivation page displays inactive users (under Search Results) and activated users (under Member List).
Select a directory to search using the Find Users In drop-down menu. Enter a name or partial name in the Search For field, or leave the field blank to produce every name in the selected directory. Select Search. Found names appear in the Member List window. Select or control-click the name or names to deactivate in the Member List window. Select Remove. Select Submit.
Related Topics
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
14-9
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
14-10
CH A P T E R
15
Provisioning Windows Mobile Phones for the First Time, page 15-1 Upgrading Cisco Unified Mobile Communicator on Windows Mobile Phones, page 15-2
Upload the client software to Cisco Unified Mobility Advantage. See Uploading a Cisco Unified Mobile Communicator Release, page 13-2 See How To Add Users and Prepare to Add Their Devices, page 14-1. Configure the device for the user. See Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21. If you will provision the phone yourself, make sure the phone is with you and able to send and receive data.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
Select the [+] beside End Users. Select Search Maintenance. Search for the user. Select Edit next to the user. Select Add Phone. Enter or select the required information:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
15-1
Chapter 15 Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Upgrading Cisco Unified Mobile Communicator on Windows Mobile Phones
Description Select the country of the service provider. Select phone service provider. For Release 7.0(1): Select phone model. For Release 7.0(2): Select your Windows Mobile operating system release.
Select language. Enter the area code and phone number for the phone you are adding in the following format: 5555555555. This phone number must exactly match the Destination Number you entered for the Mobile Identity when you configured the device for the user.
Turn on the phone. Select Next on the Admin Portal. Make note of the phone provisioning information displayed on the portal. This information is needed when you download and install Cisco Unified Mobile Communicator on the phone, as described next. Open the URL displayed on the portal on the phone:
a. b.
Enter the user ID and PIN and select Submit. Select Yes when prompted to download Cisco Unified Mobile Communicator. When complete, you receive a message stating the installation was successful. Press the End or Back key on the phone to return to the main menu. Give the phone to the user. The user can now start and sign in to Cisco Unified Mobile Communicator. Refer users to the User Guide for Cisco Unified Mobile Communicator for Windows Mobile Phones.
Related Topics
Obtain the new client software. See Obtaining Client Software and Upgrades, page 13-1.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
15-2
Chapter 15
Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Upgrading Cisco Unified Mobile Communicator on Windows Mobile Phones
Upload the Cisco Unified Mobile Communicator upgrade files for supported devices to the Cisco Unified Mobility Advantage server. See Uploading a Cisco Unified Mobile Communicator Release, page 13-2. If you will perform the upgrade, make sure:
the device is with you and powered on the battery is charged the phone can connect to the internet
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5
Select the [+] beside End Users in the Admin Portal. Select Search/Maintenance to display a list of activated users. Search for the user by scrolling through the list or by searching by name or mobile phone number and selecting Search. Select Edit next to the user ID. Select Upgrade next to the phone you want to upgrade. The Upgrade icon displays only when there is a newer version of Cisco Unified Mobile Communicator available on the server than the one installed on the phone.
Select Yes to confirm the upgrade. Respond to the prompts to complete the software upgrade. Select Finish when the upgrade is complete. Give the mobile device to the user and tell the user to sign in to Cisco Unified Mobile Communicator.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
15-3
Chapter 15 Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Upgrading Cisco Unified Mobile Communicator on Windows Mobile Phones
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
15-4
CH A P T E R
16
BlackBerry devices running the latest Release 3.x version of Cisco Unified Mobile Communicator will run with Cisco Unified Mobility Advantage Release 7.x, but users will not have Release 7.x features. See the Release Notes for limitations. Configure the BlackBerry Enterprise Server and Cisco Unified Mobility Advantage as follows:
How to Configure the BlackBerry Enterprise Server for Use With Cisco Unified Mobility Advantage, page 16-1 How to Make the Client Application Available to Users, page 16-3 Configuring Cisco Unified Mobility Advantage to Send Provisioning Messages to BlackBerry Devices, page 16-7 Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail, page 16-8 Provisioning and Installing on BlackBerry Devices, page 16-8
How to Configure the BlackBerry Enterprise Server for Use With Cisco Unified Mobility Advantage
Configuring IT Policies, page 16-1 Configuring Software Configuration Policies, page 16-2
Configuring IT Policies
Configure the following IT Policy settings on the BlackBerry Enterprise Server to enable the installation of third-party applications.
Procedure
Step 1
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
16-1
Chapter 16 Deploying Cisco Unified Mobile Communicator on BlackBerry Devices How to Configure the BlackBerry Enterprise Server for Use With Cisco Unified Mobility Advantage
Select the BlackBerry domain. Select Global tab > Edit Properties link > IT Policy. Select affected IT Policy, and select Properties. Select Security Policy Group. Set Disallow Third Party Application Download to False. Select TCP Policy Group. Set the following values for each GSM mobile phone service provider. In the U.S., these settings are: T-Mobile:
AT&T/Cingular:
Note
If you have multiple GSM mobile phone service providers, you must create multiple IT policies with different values in this field. For non-GSM mobile phone service providers, these values can be set to any value.
Open the BlackBerry Manager and select the BlackBerry domain. Select the Software Configurations tab. Select Manage Application Policies. Select Policy and select Properties Set these properties: Policy Disposition Internal Network Connection Setting Required Allowed
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
16-2
Chapter 16
Deploying Cisco Unified Mobile Communicator on BlackBerry Devices How to Make the Client Application Available to Users
What To Do Next
Install and configure Cisco Unified Mobility Advantage, and configure enterprise servers as applicable.
Allowing Third Party Application Downloads from the BlackBerry Enterprise Server, page 16-3 Downloading the BlackBerry Client Installer from Cisco Unified Mobility Advantage, page 16-4 Placing the Client Software on the BlackBerry Enterprise Server, page 16-5 Creating a Software Configuration File and Deploying it to Users, page 16-6
Allowing Third Party Application Downloads from the BlackBerry Enterprise Server
Note
For security reasons, some BlackBerry Enterprise Server configurations do not allow third party application downloads. You must temporarily allow third party application downloads in order to deploy Mobile Communicator on BlackBerry Devices. For more information on policy and software configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7
Sign in to the BlackBerry Enterprise Server. Select Global. Select Edit Properties. Select IT Policies in the IT Policy Administration window. Highlight IT Policies and select the More button located on the far right of the screen. You should see any policies that have already been provisioned. Select Properties and find the Security Policy Group. Select on the Security Policy Group.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
16-3
Step 8
Locate the Disallow Third Party Application Download setting and select False.
Step 9
Select OK.
Downloading the BlackBerry Client Installer from Cisco Unified Mobility Advantage
Before You Begin
Upload the client software to Cisco Unified Mobility Advantage. See Uploading a Cisco Unified Mobile Communicator Release, page 13-2
Procedure
Step 1 Step 2
Select the [+] beside Handset Platform Management in the Admin Portal. Select Version Management.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
16-4
Chapter 16
Deploying Cisco Unified Mobile Communicator on BlackBerry Devices How to Make the Client Application Available to Users
Step 3 Step 4
Select Download next to the BlackBerry device to download the Cisco Unified Mobile Communicator.zip file to your system. Extract the .zip file.
Allowing Third Party Application Downloads from the BlackBerry Enterprise Server, page 16-3
Procedure
Step 1
Browse to this location on the BlackBerry Enterprise Server to place the Cisco Unified Mobile Communicator files into a new share: C:\Program Files\Common Files\Research In Motion Create a placeholder folder titled \Shared\Applications for the Cisco Unified Mobile Communicator files: C:\Program Files\Common Files\Research In Motion\Shared\Applications Create a folder titled \cisco_umc within the \Applications folder: C:\Program Files\Common Files\Research In Motion\Shared\Applications\cisco_umc Place the following two files in the \cisco_umc folder (XX represents the language):
Step 2
Step 3
Step 4
cisco_umc_XX.cod cisco_umc_XX.alx Change to the Apploader directory: C:\Program Files\Common Files\Research In Motion\Apploader Run loader.exe /index. Browse to this location: C:\Program Files\Common Files\Research In Motion Select Everyone under Group or user names on the Share Permissions folder. Select Allow next to Read under Permissions for Everyone.
Step 5
b. Step 6
b. c. Step 7
Select OK.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
16-5
See the RIM document Creating a Software Configuration BlackBerry Enterprise Server Quick Start Supplement for more information.
Procedure
Sign in to the BlackBerry Manager-Security Administrator Authority. Select the Software Configurations tab on the BlackBerry Domain (near the top of the window). Select Add New Configuration. Type a name and description for the software configuration file that will contain the Cisco Unified Mobile Communicator application in the Configuration Name and Configuration Description fields. For example, Mobile Communicator Deployment. Enter the UNC name (not the local file path) in the Device Software Share Location field. Select OK. A list of device software and applications appears. The list includes the Cisco Unified Mobile Communicator application.
Step 5 Step 6
Set the Delivery to Wireless Only. Select the Policies button. Set the Application Control policies as shown in this example:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
16-6
Chapter 16
Deploying Cisco Unified Mobile Communicator on BlackBerry Devices Configuring Cisco Unified Mobility Advantage to Send Provisioning Messages to BlackBerry Devices
Select the user name. Select Assign Software Configuration under Device Management. Locate the name of the Cisco Unified Mobile Communicator software configuration file you created in Step 4. For example, Mobile Communicator Deployment. Select OK. The BlackBerry Enterprise Server polls BlackBerry Devices every four hours. At that time, the server deploys any new or missing applications to the BlackBerry Devices.
Step 16
Configuring Cisco Unified Mobility Advantage to Send Provisioning Messages to BlackBerry Devices
Use SMTP Server Configuration to enable the Cisco Unified Mobility Advantage to send email messages to BlackBerry devices.
Before You Begin
Make sure that your SMTP Server allows relaying from Cisco Unified Mobility Advantage. For information, contact your SMTP administrator.
Procedure
Step 1 Step 2 Step 3
Select the [+] beside System Management. Select SMTP Server Configuration. Enter information: Item Host Name Description Hostname of your SMTP gateway. This must be the same as your Exchange hostname if you use the Exchange server as your SMTP gateway. Port number for the SMTP gateway. Usually, this is 25. Identifies whether or not your organization requires authentication on the mail server. If the value for this field is True, you will need to enter a password apart from an Admin Email address (see next two fields). Email address for the administrator responsible for management of Cisco Unified Mobility Advantage. Cisco Unified Mobility Advantage uses this email address to send provisioning emails and alerts to BlackBerry users. SMTP Authentication Password Password associated with the Admin Email address. Required only if the SMTP server requires authentication.
Admin Email
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
16-7
Chapter 16 Deploying Cisco Unified Mobile Communicator on BlackBerry Devices Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail
Step 4 Step 5
Select Submit. Restart Cisco Unified Mobility Advantage to activate the settings.
Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail
Have users perform the following procedure to prevent Microsoft Outlook from treating BlackBerry provisioning email messages as junk mail.
Before You Begin
Note the Admin Email address in the Admin Portal under System Management > SMTP Server Configuration. You will provide this to users.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8
Open Microsoft Outlook. Open the Tools menu and select Options. Select Preferences. Select the Junk e-mail button, and then select the Safe Senders tab. Select Add. Enter the Admin email address, and select OK. Select OK again to complete the configuration. Continue to check your Junk mailbox and, if necessary, disable junk-mail blocking during provisioning.
Add a phone for each user Install the client software You can use the procedure in this topic. You can have users add their own phones in the User Portal. However, you must still complete the requirements in the Before You Begin section of this procedure. Refer users to the Cisco Unified Mobile Communicator 3.x Quick Start Guide for BlackBerry Devices.
There are three ways to install the client software on BlackBerry devices:
You can automate installation from the BlackBerry Enterprise Server. However, each phone must still be associated with its user using one of the methods mentioned above. You can install the client manually on each phone using this procedure
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
16-8
Chapter 16
Deploying Cisco Unified Mobile Communicator on BlackBerry Devices Provisioning and Installing on BlackBerry Devices
You can have users install the client on their own phones by using the User Portal. However, you must still complete the requirements in the Before You Begin section of this procedure. Refer users to the Cisco Unified Mobile Communicator 3.x Quick Start Guide for BlackBerry Devices.
In order to prevent provisioning email messages from being routed to the Junk E-mail folder in Outlook, give BlackBerry device users the Admin Email address and the procedure in Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail, page 16-8. (Cisco Unified Mobility Advantage Release 7.0 only) By default access is restricted by device. You must remove this restriction for BlackBerry devices. To remove this restriction for all devices on the system, see Enabling Device ID Checking, page 12-1. After loading Cisco Unified Mobile Communicator on the BlackBerry Enterprise Server as described in Placing the Client Software on the BlackBerry Enterprise Server, page 16-5, Cisco Unified Mobile Communicator is automatically pushed out within four hours to activated users with the appropriate BlackBerry device data service. When this is complete, you can provision Mobile Communicator on the BlackBerry device. Follow procedures in How To Add Users and Prepare to Add Their Devices, page 14-1
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7
Sign in to the Cisco Unified Mobility Advantage Admin Portal. Select the [+] beside End Users. Select Search/Maintenance to display activated users. Search for the user by scrolling through the list or by searching by name or mobile phone number and selecting Search. Select Edit next to the user ID. Select Add Phone. Edit the Add Phone properties: Phone List Country Service Provider Phone Make/Model Language Phone Number Description Select the country of the service provider. Select the mobile phone service provider Select the mobile phone make and model Select language. Enter the area code and mobile phone number Use the format 5555555555.
Step 8 Step 9
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
16-9
If You are distributing the client software through the BlackBerry Enterprise Server You need to manually install the client software on the BlackBerry device
Follow the prompts that you see to install Cisco Unified Mobile Communicator on the BlackBerry device. Select Finish when installation is complete.
2.
What To Do Next
(Cisco Unified Mobility Advantage Release 7.0 only) If you did not disable Device ID checking for the entire system, you must disable it for each BlackBerry device you add. See Restricting Access By Device, page 14-2. Give the BlackBerry device to the user. The user must open Cisco Unified Mobile Communicator on the device and enter his or her Cisco Unified Mobile Communicator password at the sign-in prompt. Evaluate the items in Information to Give to Users, page 14-3 and provide the user with instructions for the tasks that you have not already completed.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
16-10
CH A P T E R
17
For Nokia phones running the Symbian OS, Cisco Unified Mobility Advantage Release 7.x supports both the Cisco Unified Mobile Communicator client for Release 7.x (for English only) and the latest Release 3.x client (for French, German, Spanish, and Italian). Release 3.x clients will not benefit from the new features available in Release 7.x. See the Release Notes for limitations. You can add phones to user accounts, or users can add their own phones using the User Portal. There are several methods to install the client application on the phone.
Upgrades of Nokia Symbian Phones from Client Release 3.x to Release 7.x, page 17-1 Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network, page 17-2 Installing the Client on Nokia Symbian Phones from Your Computer, page 17-3
Upgrades of Nokia Symbian Phones from Client Release 3.x to Release 7.x
Client upgrades from Release 3.x to Release 7.x on Nokia Symbian phones do not follow the standard upgrade procedure. Instead, you or the users must delete their Nokia Symbian phones from the user accounts, then add each phone again as a new phone. When the user signs in to the new client release, the server will restore all data to the client on the phone. However, to ensure that no data is lost, users should be sure to connect to the server immediately before deleting the phone, in order to save any contacts or text messages they might have added since they last connected to the server.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
17-1
Chapter 17 Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network
Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network
Cisco Unified Mobile Communicator can be installed on a Nokia Symbian phone using one of two methods: wireless installation or manual installation. You or the user can perform these operations.
Before You Begin
Do the following:
How to Make Client Software Available for Use, page 13-1 How To Add Users and Prepare to Add Their Devices, page 14-1. You can follow this procedure, or users can perform the tasks described in this topic using instructions in the user documentation. If users will do the installation, provide them with the information they need:
For Release 3.1.1 clients, refer users to the Cisco Unified Mobile Communicator 3.x Quick Start
the client for Nokia Symbian phones. User documentation is available from http://cisco.com/en/US/products/ps7271/products_user_guide_list.html.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
Select the [+] beside End Users. Select Search/Maintenance to display activated users. Search for the user by scrolling through the list or by searching by name or mobile phone number and selecting Search. Select Edit next to the user ID. Select Add Phone. Edit the Add Phone properties: Phone List Country Service Provider Phone Make/Model Language Phone Number Configuration Method Description Select the country of the service provider. Select the mobile phone service provider Select the Nokia Symbian phone or series. Select language. Enter the area code and mobile phone number Select Over Air.
Step 7 Step 8
Select Next. Follow the prompts on the Admin Portal to install Cisco Unified Mobile Communicator on the mobile phone.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
17-2
Chapter 17
Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones Installing the Client on Nokia Symbian Phones from Your Computer
Step 9
What To Do Next
Do the following:
Uploading a Cisco Unified Mobile Communicator Release, page 13-2 How To Add Users and Prepare to Add Their Devices, page 14-1. Add phones to user accounts using the first part of the procedure in Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network, page 17-2. Make sure that your computer and the Nokia Symbian phones are set up to use infrared, Bluetooth, or the Nokia PC Suite application. For information, see the documentation that came with your computer, your phone, and any additional hardware or software required for your chosen transfer method.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5
Select the [+] beside Handset Platform Management in the Admin Portal. Select Version Management. Select Download next to the Nokia Symbian phone to download the Cisco Unified Mobile Communicator .sisx file to your computer. Transfer the .sisx file to Nokia Symbian phones using infrared, Bluetooth, or the Nokia PC Suite application. Install the application if it does not install automatically.
What To Do Next
See Viewing Phone and Connection Information Per User, page 14-6 to obtain the information needed to provision the client application on each phone. Let users complete the provisioning process. Follow instructions in Information to Give to Users, page 14-3.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
17-3
Chapter 17 Installing the Client on Nokia Symbian Phones from Your Computer
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
17-4
CH A P T E R
18
Identifying Users Who Have Not Signed In, page 18-1 Viewing Cisco Unified Mobility Advantage Server Statistics, page 18-1 Viewing Call Reports, page 18-2 Viewing Summary Reports, page 18-3
Select the [+] beside End Users. Select User Activation/Deactivation. Note the asterisk preceding the name of each user who has not signed in.
Select the [+] beside Server Controls. Select Cisco. Select Control Server. Select Statistics. The statistics for Cisco Unified Mobility Advantage appear:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
18-1
Definition Name of the Cisco Unified Mobility Advantage server. Date that Cisco Unified Mobility Advantage was last started. Amount of available memory, in bytes, on Cisco Unified Mobility Advantage. Number of users who are actively using Cisco Unified Mobile Communicator on their phone or the Cisco Unified Mobile Communicator User Portal. Total number of errors reported on Cisco Unified Mobility Advantage. To view these errors, search the log files for FATAL or ERROR. Total number of warnings reported on Cisco Unified Mobility Advantage. To view these warnings, search the log files for WARN.
Number of Errors
Number of Warnings
Step 5
Related Topics
Select the [+] beside Reports. Select Usage Report. Enter information: Field From To Report Type Definition Specify the start date for the report. Specify the end date for the report. Select the type of report:
TotalCalls placed, received, and missed on all user phones By UserCalls placed, received, and missed on specific user phones
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
18-2
Chapter 18
Viewing Statistics and Reports for Cisco Unified Mobility Advantage Viewing Summary Reports
Step 4
Select Submit.
Select the [+] beside Reports. Select Summary Report. Wait a few moments while Cisco Unified Mobility Advantage generates the report. View the generated information: Summary Report Total Number of Users - Provisioned Total Number of Users - Logged In Handset Summary Report Service Provider Phone Make/Model Client Version Number of Phones Definition Number of users with provisioned phones Number of users who have signed in to Cisco Unified Mobile Communicator on their phone Definition Service provider associated with the phone Type and model of the phone Version of Cisco Unified Mobile Communicator installed on the phone. Number of phones installed
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
18-3
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
18-4
CH A P T E R
19
Most problems arise from configuration errors or omissions, or problems with your network or mobile service providers.
Where To Start Troubleshooting, page 19-1 How to Solve Connection Problems, page 19-3 How to Solve Problems with Activation, Download, and Provisioning, page 19-4 How to Solve Problems Logging In to Client or User Portal, page 19-8 Phone Battery Depletes Quickly, page 19-8 How to Solve Call Log Problems, page 19-8 How to Solve Problems With the Dial Via Office Feature, page 19-10 How to Solve Voicemail Problems, page 19-12 How to Solve Problems with Availability Status (Presence), page 19-14 Conference Alerts Not Arriving Correctly, page 19-16 BlackBerry Users Do Not Receive Alerts, page 19-16 Lost or Stolen Mobile Device, page 19-17 How to View Error and Warning Logs, page 19-17 How To Recover From Server Failure, page 19-20 Enabling Remote Account Access for Cisco TAC Personnel, page 19-23
Make sure that the client device is functioning and connecting to the network properly. See the troubleshooting section in the client documentation for users for the relevant device at http://www.cisco.com/en/US/products/ps7271/products_user_guide_list.html for a list of simple things to verify for all problems before doing anything else, if any.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-1
Try, or have the user try, any troubleshooting tactics for the particular problem in the troubleshooting section or sections of the client documentation for the relevant device. For Release 7.0(2): Select the Test Config button on each page for the relevant adapter in the Cisco Unified Mobility Advantage Admin Portal to check for configuration errors. For Release 7.0(1): Check your configurations in the Cisco Unified Mobility Advantage Admin Portal for errors. If you are using a secure connection between Cisco Unified Mobility Advantage and the relevant enterprise server, try temporarily changing the Connection Type to TCP, Plain, or nonsecure in the Enterprise Adapter for that server, and on the relevant enterprise server for connections to Cisco Unified Mobility Advantage. Then stop and restart Cisco Unified Mobility Advantage. Do not forget to switch all settings on all servers back to secure connections after you have resolved the problem, if required. Change the Trust Policy to All Certificates in the Security Context associated with the enterprise server that provides the inoperative functionality, or upload a certificate from each affected server to the trust store in Cisco Unified Mobility Advantage. Then stop and restart the server (under Server Controls). Check the security policy of the relevant enterprise server with which Cisco Unified Mobility Advantage connects, to be sure you have deployed the required certificate from Cisco Unified Mobility Advantage. Disable and then re-enable the problem feature in the Admin Portal: Select Enterprise Configuration > Manage Adapter Services, then select the tab for the enterprise server that provides the feature. Disable the feature, then select Submit. See the bottom of the portal page to see whether you must stop and start the server before your change takes effect. Then enable the feature and select Submit. Again, stop and then restart the server if necessary. Check the Cisco Unified Mobility Advantage log files for errors. To find relevant information in the logs, search for exception until you find one with a keyword that may be related to the problem you are experiencing. For example, for problems with presence, look for an exception with CUP (Cisco Unified Presence). Make sure that the date and time are synchronized on all servers and mobile devices. If you did not specify a Network Time Protocol server during Cisco Unified Mobility Advantage installation, do so now. In the Unified Communications Operating System Administration pages, select Settings > NTP servers. See the online Help in the Unified Communications Operating System Administration pages for more information. Revisit configurations in both the relevant enterprise server and in Cisco Unified Mobility Advantage and re-enter the configuration settings. Then stop and restart Cisco Unified Mobility Advantage. A typing error or entry mismatch will cause features to fail. Configuration requirements for each feature are listed in the Enabling and Managing Features chapter.
Related Topics
Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage Viewing Log Files, page 19-18 Accessing the Cisco Unified Operating System Administration Portal, page 11-2 Chapter 12, Enabling Features and Options in Cisco Unified Mobility Advantage
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-2
Chapter 19
No Connectivity On Initial Tests, page 19-3 Some Clients Cannot Connect on Initial Tests, page 19-3 Frequent Disconnects, page 19-4
IMEI/ESN number.
(For each user of a Release 3.x client) Allow Any Device is True.
Make sure that the client device is functioning and connecting properly to the wireless network. See the relevant troubleshooting section in the client documentation for the particular device for a list of simple things to verify for all problems before doing anything else. If you used the Configuration Wizard, make sure that you completed all procedures described in the chapter, particularly those required after you finish the wizard itself. From the Cisco Adaptive Security Appliance, ping an IP address on the internet. From the Cisco Adaptive Security Appliance, ping the private IP Address of the Cisco Unified Mobility Advantage server. Check your configurations against the instructions in the chapter on the Cisco Adaptive Security Appliance. Cisco Adaptive Security Appliance configuration errors are a likely source of connection problems.
Related Topics
Enabling Device ID Checking, page 12-1 Restricting Access By Device, page 14-2 Performing Additional Required Procedures, page 7-25 Fixing Unsuccessful Pings, page 2-18 Troubleshooting the Cisco Adaptive Security Appliance, page 2-16 Some Clients Cannot Connect on Initial Tests, page 19-3
In the Cisco Unified Mobility Advantage Admin Portal, check the following:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-3
Enforce Device ID Check is False or (For each user of a Release 7.x client) Allow Any Device is True or you have entered an
IMEI/ESN number.
(For each user of a Release 3.x client) Allow Any Device is True.
Check the following on the Cisco Adaptive Security Appliance: Use This Command on the Cisco Adaptive Security Appliance sh tls-proxy tls-proxy maximum-sessions <number>
To Check the Maximum tls-proxy sessions set Set a new maximum number of connections
Frequent Disconnects
Problem Clients are unable to maintain connection to the server. Solution
If you will provision other users, check Cisco.com to see if there is a new .oar file. As Cisco collects data about optimal keep-alive values for the various countries, service providers, and device types, it may revise the initial keep-alive setting in the .oar file from which the client begins the adjustment. Extend the maximum time before the server ends the connection when there is no activity from the mobile device:
Select the [+] beside System Management. Select System Properties. Specify the Max Idle Time to Disconnect, in seconds. For example, set the value to 15-20 minutes (900-1200 seconds). Restart Cisco Unified Mobility Advantage. Repeat this procedure if needed, extending the time before disconnection.
Step 4 Step 5
User Activation, page 19-5 Cannot Find User to Activate, page 19-5 Searching Active Directory from User Activation/Deactivation Page Results in Errors, page 19-6 All Users Unable to Download Client Software, page 19-6 Some Users Unable to Download Client Software, page 19-6 Cannot Provision Clients, page 19-6
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-4
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems with Activation, Download, and Provisioning
Client Disconnects Unexpectedly, page 19-7 BlackBerry Provisioning and Alert Messages Not Received, page 19-7
User Activation
Problem User activation and deactivation are not working. Solution
Check the cuma.log file for problems connecting to LDAP (Active Directory) as Admin. Make sure that your Admin user DN and Password are correct. Check other settings, for example the Key field, in the Enterprise Adapter for Active Directory. For Release 7.0(2): When you check the Active Directory adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button on each page.
Step 1 Step 2
.
See if you can access LDAP with your credentials using a freeware LDAP browser:
Get the browser from http://www-unix.mcs.anl.gov/~gawor/ldap/. Enter information into the LDAP browser: Tab Name Connection Parameter Name Host Value Any value. IP address or domain name of your Active Directory server, as entered into the Active Directory configuration in the Cisco Unified Mobility Advantage Admin Portal. Uncheck this option. Check this option. Admin User DN that you entered in the Active Directory configuration in the Cisco Unified Mobility Advantage Admin Portal. Password for the Admin User.
Password
Step 3 Step 4
Select Fetch DNs. Select Save. If you cannot connect and view the Active Directory structure, there is a problem with your access credentials.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-5
Make sure that you have entered the correct Filter Criteria and Search Base into the Advanced Settings of the Active Directory configuration. Users whose configurations in Active Directory are missing required information do not appear in Cisco Unified Mobility Advantage. Add the first and last name, user ID, email address, and DN (or their equivalents as specified in the AD adapter configuration in Cisco Unified Mobility Advantage) into Active Directory. Only 1000 user IDs can be fetched from Active Directory.
listening on port 389. Telnetting to this top level domain on port 389 will also fail. Remove the offending server from the DNS list and stop and restart Cisco Unified Mobility Advantage.
Verify the server address and port in the Admin Portal in System Management > Network Properties. These must match the IP addresses and ports configured in the Cisco Adaptive Security Appliance. See if this is a firewall issue: Verify that you can telnet to the host and port listed in the provisioning message. Use Telnet, not a PC-based web browser.
Have the user try the troubleshooting tips for installation issues in the documentation for users. Check settings for that user in the Admin Portal in End Users > Search Maintenance. Also select the Info button on that page to Make sure that the phone information is correct.
(For each user of a Release 7.x client) Make sure that the IMEI number is entered correctly in the Device Identity Maintenance tab for the user, or set Allow Any Device to True, then attempt to reprovision. (For each user of a Release 3.x client) Set Allow Any Device to True, then attempt to reprovision.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-6
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems with Activation, Download, and Provisioning
This problem can occur with mobile device service providers that have a signing requirement in addition to Mobile2Market for Windows Mobile Standard Edition devices. These providers include, but are not limited to, Orange and South Korea Telecom. Set Allow Any Device to True in the Device Identity Maintenance tab for the user. Have the user try the solutions in the Troubleshooting section of the user documentation for the relevant device, if any.
Mobile Communicator automatically adjusts the keep-alive interval to prevent such disconnects. The optimal interval can vary significantly between countries, service providers, and device types.
Modify the Max Idle Time to Disconnect parameter on the System Management > System Properties page. For example, set the value to 15-20 minutes (900-1200 seconds). Continue to modify as needed. If you will provision other users, check Cisco.com to see if there is a new .oar file. As Cisco collects data about optimal keep-alive values for the various countries, service providers, and device types, it may revise the initial keep-alive setting in the .oar file from which the client begins the adjustment.
Related Topics
Cisco Unified Mobility Advantage alerts are sent to their BlackBerry device instead of to the Junk E-mail folder in Outlook. Give users the following information:
The Admin email address in System Management > SMTP Server Configuration. The following procedure.
Procedure
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8
Launch Microsoft Outlook on your computer. Select Tools > Options. Select Preferences. Select Junk e-mail Select Safe Senders. Select Add. Enter the Admin email address. Select OK.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-7
Step 9 Step 10
Select OK again. Continue to check your Junk mailbox; if necessary, disable junk-mail blocking during provisioning.
User Cannot Sign In, page 19-8 Users Receive Security Warning When Accessing the User Portal, page 19-8
Unit.
Related Topics
Changing the Active Directory Organizational Unit for Users, page 14-5
Related Topics
detects and adjusts the keep-alive interval to avoid unintended disconnects from the server. This problem should resolve itself soon.
Related Topics
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-8
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to Solve Call Log Problems
No Call Logs for One User, page 19-9 Native Call Logs Show Dial Via Office Calls As Incoming, page 19-9 Calls Missing from Call Logs, page 19-9 Release 7.0(2): Call Logs Do Not Identify Internal Callers, page 19-10
Release 7.0(2): When you check the Cisco Unified Communications Manager adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button.
Note
After making any configuration changes in either Cisco Unified Communications Manager or Cisco Unified Mobility Advantage, and before testing each change on a mobile device, do the following:
Restart Cisco Unified Mobility Advantage. Have the user sign out of Cisco Unified Mobile Communicator and then log back in.
Related Topics
super users for which you enabled CTI in Cisco Unified Communications Manager.
Related Topics
Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19
mobile device as well as the number dialed, then connects the two calls.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-9
Chapter 19 How to Solve Problems With the Dial Via Office Feature
Note
After making any configuration changes in either Cisco Unified Communications Manager or Cisco Unified Mobility Advantage, and before testing each change, do the following:
Restart Cisco Unified Mobility Advantage. Have the user sign out of Cisco Unified Mobile Communicator and then log back in.
Have the user check the troubleshooting section of the user documentation for Cisco Unified Mobile Communicator for their device. Carefully revisit all information and procedures in each Related Topic for this section. Step through the configurations again and check for errors. Be sure not to overlook any Before You Begin or What To Do Next sections in the procedures. If you are using Cisco Unified Communications Manager Release 4.x, make sure that you have identified the correct Active Directory attribute for Work Phone in the Advanced Settings tab of the Active Directory adapter configuration. This value must be unique for each person configured in Active Directory. Verify that the adapter configuration for Cisco Unified Communications Manager is correct. For Release 7.0(2): Select the Test Config button at bottom of the page. Make sure Enable Corporate PBX integration is set to Yes in Manage Adapter Services for Cisco Unified Communications Manager. Also see whether the expiry time affects the missing messages.
Related Topics
How to Configure Call Log Monitoring, page 3-1 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6 Enabling Call Log Monitoring and Configuring Options, page 12-2 Requirements for Configuring Devices in Cisco Unified Communications Manager (For All Cisco Unified Communications Manager Features), page 3-19
for matches the phone number format of the directory. Verify this format in the Phone Number Format field on the Basic Settings page of the Active Directory adapter. See the description for the Phone Number Format field for details.
Related Topics
Dial Via Office Feature is Not Working For All Users, page 19-11 Dial Via Office Feature is Not Working For One or More Users, page 19-12
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-10
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems With the Dial Via Office Feature
type of Dial-via-Office. How the feature works: When the user makes a call from Cisco Unified Mobile Communicator using the Dial-via-Office feature, Cisco Unified Communications Manager calls the user back at the number the user specifies, then calls the number that the user dialed, and then connects the call. Try the following:
Note
After making any configuration changes in either Cisco Unified Communications Manager or Cisco Unified Mobility Advantage, and before testing each change, do the following:
Restart Cisco Unified Mobility Advantage. Have the user sign out of Cisco Unified Mobile Communicator and then log back in.
Verify that the MobileConnect feature is working correctly independently of Cisco Unified Mobility Advantage. This ensures that Cisco Unified Communications Manager can reach the device, based on the configured mobility identity number and the rerouting calling search space on the device configuration page. Verify that the call log monitoring feature functions properly. If not, check the configurations for that feature first. If you change a CTI user ID and password in Cisco Unified Communications Manager, then you must change the corresponding CTI user ID and password in the Enterprise Adapter for Cisco Unified Communications Manager in Cisco Unified Mobility Advantage. Stop Cisco Unified Mobility Advantage before making this change, or your change will not be saved. For Release 7.0(2): When you check the Cisco Unified Communications Manager adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button at the bottom of the page to be sure you have entered the changes correctly.
For Release 7.0(1): If you change the CTI user ID and password in the Enterprise Adapter for Cisco Unified Communications Manager, this also overwrites the username in the SOAP Information section) of the adapter configuration. You must change this to the username of the Application User to which you assigned the AXL API access in Cisco Unified Communications Manager. Stop Cisco Unified Mobility Advantage before making this change, or your change will not be saved. Verify that you have entered the ports correctly in the Cisco Unified Communications Manager adapter. Try disabling secure connections between Cisco Unified Communications Manager and Cisco Unified Mobility Advantage by temporarily setting the transport type to a nonsecure type on each server. If the problem is resolved, revisit your server security configurations. Carefully revisit all information and procedures required for this feature. Step through the configurations again and check for errors. Be sure not to overlook any Before You Begin or What To Do Next sections in the procedures. For Release 7.0(2): When you check the Cisco Unified Communications Manager adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-11
If you change the cluster security mode in Cisco Unified Communications Manager to mixed mode, you must restart Cisco Unified Communications Manager to re-enable the dial-via-office feature.
Related Topics
How to Configure Dial Via Office, page 3-9 How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13
Dial Via Office Feature is Not Working For One or More Users
Problem Dial Via Office is not working for all users, or for users at particular locations or having particular mobile phone service providers. Solution
There may be a networking issue with the local GSM mobile data connection leading to timeouts. Carefully revisit all information and procedures in each Related Topic for this section. Step through the configurations again and check for errors. Be sure not to overlook any Before You Begin or What To Do Next sections in the procedures. Have the user check the Cisco Unified Mobile Communicator settings on the phone. Have the user sign out of Cisco Unified Mobile Communicator and then sign in again. If nothing else works, reset Cisco Unified Mobile Communicator in the Cisco Unified Communications Manager User Options web page: Select User Options > Device, then select your mobile device for Device Name. Select Reset. (This will not erase any data in Cisco Unified Mobile Communicator.)
Related Topics
Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled Super User, page 3-19 Configuring User Accounts in Cisco Unified Communications Manager, page 3-20 Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21 Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21
Unable to Access Voicemail, page 19-13 Unable to Access Voicemail Using DTMF, page 19-13 BlackBerry Users Cannot Access Voicemail After Upgrade from Release 3.x, page 19-13 Error On Accessing Voicemail, page 19-13 Missing Voice Messages, page 19-14 Some Users Do Not Receive Voice Messages, page 19-14 Users Cannot Receive Secure Voice Messages, page 19-14
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-12
Chapter 19
Verify that IMAP is enabled for the user in Microsoft Exchange (for Cisco Unity) or in Cisco Unity Connection. Check your configurations in the following Related Topics sections. For Release 7.0(2): When you check the voicemail adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button at the bottom of the Basic Settings page.
Have users sign out and sign in to Cisco Unified Mobile Communicator again after you make any changes.
Related Topics
Enabling and Configuring Voicemail, page 12-4 About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14
Related Topics
BlackBerry Users Cannot Access Voicemail After Upgrade from Release 3.x
Problem BlackBerry users cannot access voicemail after upgrade from Cisco Unified Mobility Advantage Release 3.x. Solution If the voicemail sign-in credentials differ from the sign-in credentials for Cisco Unified Mobile
Communicator, upgraded BlackBerry users must set their voicemail usernames and passwords in the User Portal before they can access voicemail from their BlackBerry devices. They can always access their voicemail using other standard methods regardless, such as by using their desk phone.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-13
Viewing and Changing Enterprise Adapter Settings, page 10-4 About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14
Make sure that the users are signed in to Cisco Unified Mobile Communicator. If the company has more than one voicemail or Exchange server, you must create an enterprise adapter for each. For Release 7.0(2): You can check the configuration by selecting the Test Config button at the bottom of the adapter page.
If client credentials differ from voicemail credentials, make sure that users have entered the voicemail credentials in the settings on the client or in the User Portal.
Related Topics
Release 7.0. For Cisco Unity, check the adapter configuration and Make sure that the SOAP information and user ID and password are entered correctly. For Release 7.0(2): You can check the configuration by selecting the Test Config button at the bottom of the Basic Settings page.
Related Topics
About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14
Presence Is Incorrect, page 19-15 User Cannot Change Status from Idle to Available, page 19-15
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-14
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems with Availability Status (Presence)
Viewing the Sign-in Status of a Cisco Unified Mobile Communicator User on Cisco Unified Presence, page 19-16
Presence Is Incorrect
Problem Availability status is not showing correctly. Solution
Have the user verify the troubleshooting steps in the user documentation for the relevant device, if any. Make sure that presence is showing correctly on other devices, such as Cisco Unified Personal Communicator. The problem may not be specific to Cisco Unified Mobility Advantage. If a user reports that his availability status appears different on different clients, for example Cisco Unified Personal Communicator: Have the user sign out and in again to force the synchronization. You can also force the sign out in the Search Maintenance page for the user. (Roll your mouse over the icons to see which icon to select.) See the documentation for Cisco Unified Presence, including but not limited to the section on integration with Cisco Unified Mobility Advantage and any troubleshooting information. See http://cisco.com/en/US/products/ps6837/tsd_products_support_series_home.html.
Check that the configurations are correct in the following Related Topics. For Release 7.0(2): When you check the Cisco Unified Presence adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button on each page.
Related Topics
Chapter 4, Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage Configuring a Presence Account for Each User in Cisco Unified Communications Manager, page 3-24 About Cisco Unified Presence Enterprise Adapter Settings, page A-10 Enabling Exchange of Presence, page 12-5 Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6 Viewing the Sign-in Status of a Cisco Unified Mobile Communicator User on Cisco Unified Presence, page 19-16
but the user is not using the computer. Since users cannot send instant messages between Cisco Unified Personal Communicator and Cisco Unified Mobile Communicator, this limitation ensures that other Cisco Unified Personal Communicator users do not mistakenly believe the user is available to receive instant messages in Cisco Unified Personal Communicator.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-15
Viewing the Sign-in Status of a Cisco Unified Mobile Communicator User on Cisco Unified Presence
Problem I need to see whether a mobility user appears as signed in on the Cisco Unified Presence server. Solution When you have completed the integration between Cisco Unified Presence and Cisco Unified Mobility Advantage, you can obtain this information using this procedure: Step 1 Step 2 Step 3
Sign in to Cisco Unified Presence Administration. Select Diagnostics > Presence Viewer. Enter a valid user ID.
Select Submit. Look at the Mobility Integration section for the status.
Related Topics
About Microsoft Exchange Enterprise Adapter Settings, page A-11 Enabling Conference Notifications, page 12-5 Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6
The procedure for preventing Outlook from treating these messages as junk mail. The Admin email address. The Admin email address can be viewed under System Management > SMTP Server Configuration.
Related Topics
Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail, page 16-8
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-16
Chapter 19
Removing Cisco Unified Mobile Communicator Data from a Phone, page 14-8
Specifying Log Information, page 19-17 Viewing Log Files, page 19-18
Select the [+] beside System Management. Select Log Configuration. Enter information:
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-17
Description Determines the level of information captured for the log file. Default is Info.
DebugRecords the largest amount of information in the logs. InfoRecords informational logs, warnings, errors, and fatal logs WarningRecords logs that are generated if the server encounters problems that impact a single user, more than one user, or impacts the system ErrorRecords logs that are generated if the server encounters problems that impact more than one user or impacts the system. If you select Error, only actual errors are displayed in the log. FatalRecords logs that are generated if the server encounters problems that impact the Cisco Unified Mobility Advantage system
Determines the size of each log file that is generated by the Admin Server and Managed Server. Value of this field should be between 1 and 999. Default is 20.
Determines the maximum number of log files that are preserved by the Admin Server and the Managed Server. Value of this field should be between 1 and 9999. Default is 100.
Step 4
Select Submit.
Use a tool such as PuTTY to remotely access the server using SSH. Sign in as the platform administrator using the sign-in information that you entered during installation. Determine which type of log file to view: For These Problems Problems with initial setup and configuration Problems with the Admin portal Problems after the system is up and running Most other problems View This Type of Log admin_init.log admin.log cuma.log cuma.log
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-18
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How to View Error and Warning Logs
For These Problems For Release 7.0(1) only: Utility functions such as starting the Cisco Unified Mobility Advantage server (These logs are rarely used.) For Release 7.0(1) only: Utility functions such as starting the Cisco Unified Mobility Advantage server (These logs are rarely used.)
node_manager_init.log node_manager_init.log
There may be more than one instance of each log type. After a log file reaches the maximum size you specify in the Administration portal, the older information is separated into a separate file stamped with the date and time of the separation, for example admin.log<date and timestamp>.
Step 4
Use the command line interface (CLI) to find the logs to view: To List the files available for viewing For This Service admin service This service runs the Admin portal For Release 7.0(1) only: node manager managed server file list cuma * file list node_manager * Use This Command file list admin *
Step 5
View a log file: To Download a log file (You must use SFTP) For Release 7.0(1) only: node manager managed server For This Service admin service Use This Command file get admin admin.log where admin.log is one of the files in the list you viewed. file get node_manager node_manager.log where node_manager.log is one of the files in the list you viewed. file get cuma cuma.log where cuma.log is one of the files in the list you viewed.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-19
To Tail a log file (View the last few lines of a log file in real time)
Use This Command file tail admin admin.log where admin.log is one of the files in the list you viewed.
file tail node_manager node_manager.log where node_manager.log is one of the files in the list you viewed. file tail cuma cuma.log where cuma.log is one of the files in the list you viewed.
All
Press Control-C.
Search in the log file for exception until you find an exception associated with a keyword that indicates the source of the problem. For example, if the problem is related to Presence, look for an exception with the Cisco Unified Presence server.
Obtaining a Disaster Recovery Disk, page 19-20 Checking and Correcting Disk File System Issues, page 19-20 Reinstalling the Operating System and Cisco Unified Mobility Advantage, page 19-21 Restoring Cisco Unified Mobility Advantage Data From Your Backup, page 19-21 For Upgrades from Release 7.0(1): Reverting to a Previous Version of Cisco Unified Mobility Advantage, page 19-22
Insert the Disaster Recovery disk and restart the computer, so it boots from the CD.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-20
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage How To Recover From Server Failure
Enter option [F]|[f] and wait while the process completes. Enter option [M][m] and wait while the process completes. Enter option [V]|[v] and wait while the process completes. Enter [Q]|[q] to quit this recovery disk program.
What To Do Next
If this does not resolve the problem, see Reinstalling the Operating System and Cisco Unified Mobility Advantage, page 19-21.
Caution
This procedure reformats your hard drive. You will lose all the data that is currently on your hard drive. Insert the Disaster Recovery disk and restart the computer, so it boots from the CD. Enter W for Windows preinstallation setup. Enter Yes to continue. Wait for reformatting to complete.
What To Do Next
Reinstall the operating system and Cisco Unified Mobility Advantage. See Chapter 6, Installing Cisco Unified Mobility Advantage After reinstalling, restore from your backup file. See Restoring Cisco Unified Mobility Advantage Data From Your Backup, page 19-21
An existing backup is required. See Backing Up Your Cisco Unified Mobility Advantage Server, page 11-3. You must restore onto a working server that meets the hardware requirements of your original Cisco Unified Mobility Advantage server.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-21
This server must be on the network and accessible using SFTP. The SFTP path must exist prior to the backup.
Step 1
Install on the new server the identical operating system and Cisco Unified Mobility Advantage version as your main Cisco Unified Mobility Advantage server. You must assign this server the same IP address as your original Cisco Unified Mobility Advantage server. Skip the Configuration Wizard and access the Admin Portal instead. Select Disaster Recovery System from the list box at the top right of the page. Select Go. Sign in with the platform credentials you entered while installing Cisco Unified Mobility Advantage. Select Restore > Restore Wizard. Select the Backup Device you named when setting up your backups. Select Next. Select the date and time of the backup file from which you want to restore. Select Next. Select CUMA for Select Features. Select Next. Select the original server name as the server to restore. Select Restore. Wait until the restore status shows Success. Select Cisco Unified OS Administration from the list box at the top right of the window. Sign in to the Cisco Unified OS Administration portal. Choose Settings > Version. Select Restart.
Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 Step 17 Step 18 Step 19
For Upgrades from Release 7.0(1): Reverting to a Previous Version of Cisco Unified Mobility Advantage
If an upgrade from Cisco Unified Mobility Advantage Release 7.x is unsuccessful, you can use the Disaster Recovery Disk to revert to the previously-installed release. If you revert to a previous version of Cisco Unified Mobility Advantage, you will lose any configuration changes that you made using the upgraded software.
Before You Begin
Caution
This procedure reformats your hard drive. You will lose all the data that is currently on your hard drive. Insert the Disaster Recovery disk and restart the system, so it boots from the CD.
Step 1
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-22
Chapter 19
Troubleshooting Cisco Unified Mobility Advantage Enabling Remote Account Access for Cisco TAC Personnel
Step 2 Step 3
Enter W for Windows preinstallation setup. Enter Yes to continue. The Disaster Recovery disk formats your hard drive, so you can reinstall Cisco Unified Mobility Advantage.
Step 4 Step 5
Install Cisco Unified Mobility Advantage according to the instructions elsewhere in this guide. Use the Backup and Restore Utility to restore the previously backed-up data to the servers.
access for him or her. Only TAC personnel can use this access, and only if there is an open case. You specify the duration of this access when you enable it.
Before You Begin
You will need the platform administrator sign-in credentials you entered during installation. These are distinct from the Admin Portal sign-in credentials. You should also have the information summarized in Viewing Version and Configuration Information, page 11-2.
Procedure
Step 1 Step 2 Step 3
Use SSH to access the Cisco Unified Mobility Advantage server and sign in as the platform administrator. Run the CLI command utils remote_account enable. Run the CLI command utils remote_account create [account name] [life] where account name is any value and life is the duration of this access in days (1 to 30). Example: utils remote_account rootroot 30. This command creates a remote account with name rootroot for a life of 30 days and generates the passphrase for it.
Step 4
Give the TAC technician the Account name and Passphrase that appear. The technician will use this information to access the server remotely. Only TAC personnel can decrypt the passphrase and access the server.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-23
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
19-24
A P P E N D I X
You must configure an enterprise adapter for each enterprise server with which Cisco Unified Mobility Advantage connects. The values in the following tables are required for these configurations. You should enter your values into these tables before you begin the installation or the upgrade from Release 3.x.
About Active Directory Enterprise Adapter Settings, page A-1 About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6 About Cisco Unified Presence Enterprise Adapter Settings, page A-10 About Microsoft Exchange Enterprise Adapter Settings, page A-11 About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14
User authentication for access to the User Portal and Cisco Unified Mobile Communicator. Directory search for contacts from Cisco Unified Mobile Communicator Number-to-name resolution for caller identification in the call logs in Cisco Unified Mobile Communicator. Locating user information in Microsoft Exchange
Restrictions
At least one Active Directory server is required. Cisco Unified Mobility Advantage can connect to multiple Active Directory servers and to multiple OUs on the same Active Directory server, for example if you need to include users in different OUs. Create an adapter for each server or OU. Cisco Unified Mobility Advantage and Cisco Unified Personal Communicator must point to the same Active Directory server. All users sign in to Cisco Unified Mobile Communicator with their Active Directory passwords. These passwords cannot be longer 14 characters.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-1
Basic Settings, page A-2 Advanced Settings, page A-4 Exchange Lookup, page A-5
Basic Settings
These settings allow Cisco Unified Mobility Advantage to connect to Active Directory. Setting Host Name/ IP address Port Description Hostname or IP address of the corporate directory server. LDAP port of the corporate directory server. Cisco Unified Mobility Advantage uses this port to connect to the corporate directory for adding users to Cisco Unified Mobility Advantage and for user directory listing and searches. Default is 389. Admin DN The distinguished name of the account that Cisco Unified Mobility Advantage uses to read data from your corporate directory server. For example: CN=CUMA Read Only User,CN=Users,DC=department,DC=example,DC=com This account must have at least read-only permissions in your corporate directory server. It must also have a valid Exchange mailbox. Enter the DN in the long format including the container name. Do not use the short form (domain name/User ID). Password Authentication Type Connection Type The password for the Admin DN account. Simple. Type of connection to use between Cisco Unified Mobility Advantage and the corporate directory server. Use SSL for secure connections. Use Plain for nonsecure connections. This should match the connection type that Active Directory requires. Your Value
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-2
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Active Directory Enterprise Adapter Settings
Description This setting appears only if you choose SSL for Connection Type. Select a Security Context for connections between Cisco Unified Mobility Advantage and Active Directory. If you choose a security context that has the Trust Policy set to Trusted Certificates, you must validate the identity of the Active Directory server, for example by importing a self-signed certificate from Active Directory into the security context.
Your Value
Frequency (in days) with which Cisco Unified Mobility Advantage checks the corporate directory server for updates. The default is 1 day. The format you enter here must match the format of the following phone numbers:
For Cisco Unified Communications Manager Release 4.x: Phone numbers in Active Directory in the attribute you specify for the Work Phone field in the Advanced Settings described in the table below. For other releases of Cisco Unified Communications Manager: The primary directory number for each person in Cisco Unified Communications Manager.
Be careful not to include any extra spaces, especially at the beginning or end of your number format. This information is required in order to identify callers by name. By default, Cisco Unified Mobility Advantage formats numbers using the North American Numbering Plan, (###) ###-####, where each # represents a digit. Up to ten digits will be formatted according to this pattern, starting from the right. Therefore:
If a number has 5 digits (for example, 12345), Cisco Unified Mobility Advantage searches Active Directory for the number in the format 1-2345. If a number has 6 digits (for example, 123456), Cisco Unified Mobility Advantage searches Active Directory for the number in the format 12-3456.
If you do not use any punctuation at all, the number format for the same number of digits as the default would be ##########. If you need to change this value after Cisco Unified Mobility Advantage is running, restart Cisco Unified Mobility Advantage after you make this change.
Related Topics
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-3
Advanced Settings
Do not change Attribute Name values from the default unless you are certain that a different value is the correct value. Setting
Attribute Names
Description Attribute name in Active Directory that represents the distinguished name of a user. For example: distinguishedName Attribute name in Active Directory that represents the first name of a user. For example: givenName Attribute name in Active Directory that represents the last name of a user. For example: sn Attribute name in Active Directory that represents the corporate name of a user. For example: sAMAccountName Attribute name in Active Directory that uniquely identifies a user. For example: distinguishedName
Distinguished Name
First Name
Last Name
User ID
Key
Home Phone
Attribute name in Active Directory that represents the home phone number of a user. For example: homePhone
Work Phone
Attribute name in Active Directory that represents the unique office phone number of a user. For example: telephoneNumber If you use Cisco Unified Communications Manager Release 4.x, Cisco Unified Mobility Advantage uses this attribute to identify calls for user call logs.
Mobile
Attribute name in Active Directory that represents the mobile phone number of a user. For example: mobile
Attribute name in Active Directory that represents the email address of a user. For example: mail
Search Settings
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-4
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Active Directory Enterprise Adapter Settings
Description Criteria that distinguish employees from other resources in Active Directory, such as conference rooms that can be invited to meetings. Do not change the default value unless you have a specific reason to do so.
Search Base
This is the Distinguished Name (DN) of the node in the directory below which Cisco Unified Mobility Advantage will search for users to be activated, and for which contacts can be searched for users. Microsoft retrieves up to 1000 results per search. Use the lowest node that includes the necessary names. Using a higher node will create a larger search base and thus reduce performance.
Follow Referral
Determines if Cisco Unified Mobility Advantage follows referrals from the authoritative Active Directory server to cascaded Active Directory servers, for example for subdomains, when searching. The default value is True.
Exchange Lookup
These settings allow Cisco Unified Mobility Advantage to determine which Microsoft Exchange server at your company holds the user information for each user. Cisco Unified Mobility Advantage generally detects these values automatically. If you need to change these values, contact your Active Directory administrator. Setting Contact Adapter Description The name of the attribute within the corporate directory that identifies the logical Exchange server resource name for a user. For example: msExchHomeServerName DNS Host Name The name of the attribute within the corporate directory that identifies the DNS host name of a server machine. For example: dNSHostName Your Value
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-5
Appendix A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unified Communications Manager Enterprise Adapter Settings
Description The mask for the Contact Adapter DN value. The format of the DN Mask is: ??,CN=Computer,DC=department,DC=example,DC=com Cisco Unified Mobility Advantage will use the value of the Contact Adapter setting (entered above) in combination with this DN Mask to search for the DNS hostname of a user's Exchange Server. ?? is substituted with the CN=<hostname of the Exchange server>. The following part is used to complete the DN. This complete string is then used to retrieve details about the user's Exchange host. The hostname is retrieved from Active Directory using the Contact Adapter attribute of the user entry. Contact Adapter (msExchHomeServerName). For example, if in Active Directory for user test1, the msExchHomeServerName is "myExchange" and the DN Mask is configured as ??, CN=Computer, DC=myDivision, DC=somecompany, DC=com, then the Cisco Unified Mobility Advantage Enterprise server will lookup the following entry in Active Directory to get details about the Exchange server and use it to store personal contacts of the test1 user: CN=myExchange, CN=Computer, DC=myDivision, DC=somecompany, DC=com
Your Value
The Distinguished Name of the root node that contains your Exchange Server's information in your corporate directory. For example: CN=Computers,DC=department,DC=example,DC=com Cisco Unified Mobility Advantage searches the Exchange Server from this root node. Use the lowest node that includes the necessary names. Using a higher node will create a larger search base and thus reduce performance if the directory is very large. Microsoft retrieves up to 1000 results per search.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-6
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unified Communications Manager Enterprise Adapter Settings
Server Settings
These settings allow Cisco Unified Mobility Advantage to connect to Cisco Unified Communications Manager in order to:
Retrieve unified call log information to display in Cisco Unified Mobile Communicator. This allows Cisco Unified Mobile Communicator users to view lists of calls to and from their main office phone number.
Support the unified calling features, Dial-via-Office and Mobile Connect (formerly Single Number Reach)
Note
Scroll down in the Admin Portal window to see all required settings.
Description
Your Value
Primary Host Name The hostname or IP address of the primary Cisco Unified Communications Manager server that is running the CTI super user account or accounts that you created. Primary Server Port The port used to communicate with the primary Cisco Unified Communications Manager server. The default is 5060. Backup Host Name (Optional) The backup server host name or IP address. Backup Server Port The port used to communicate with the backup Cisco Unified Communications Manager server. CTI User Credentials User Name Enter the super user or super users you configured in Cisco Unified Communications Manager for call log monitoring or Dial via Office. You can add up to four CTI User accounts. Password SIP Information Transport Type Select TLS for secure connections. Select TCP for normal connections. Select UDP for connections without error correction. The default transport type is TCP. This must match the setting in the CUMA Server Security Profile on the Cisco Unified Communications Manager server. Communications Manager Version If Cisco Unified Mobility Advantage is running, stop it before you change this value. Enter the password or passwords associated with the user name or names above.
For Release 7.0(1): SOAP Information For Release 7.0(2): Web Services Information
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-7
Appendix A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unified Communications Manager Enterprise Adapter Settings
Description The SIP port number of the Cisco Unified Communications Manager server. This is often the same secure port that runs the Cisco Unified Communications Manager Administration page. Cisco Unified Communications Manager runs the AXL interface on this port. The default is 8443.
Your Value
User Name Password Security Context This option is available only with Cisco Unified Communications Manager Release 7.0.
Related Topics
The Cisco Unified Communications Manager Application User Name to which you assigned standard AXL API access. The Password for the user in the row above. Select a security context for the Cisco Unified Communications Manager server. For the simplest configuration, choose a Security Context that has the Trust Policy set to All Certificates. If you choose a security context that has the Trust Policy set to Trusted Certificates, you must deploy necessary certificates.
Additional Information
Configuring Standard AXL API Access to Retrieve User Information, page 3-5 Device Pool Requirements, page 3-12 Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage. Importing Self-Signed Certificates from Trusted Servers, page 9-10 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-8
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unified Communications Manager Enterprise Adapter Settings
Purpose
Description
This setting identifies Enter a descriptive name for this rule. the rule in the list. The name can contain up to 50 alphanumeric characters and can contain any combination of spaces, periods (.), hyphens (-), and underscore characters (_). If you are performing this configuration in Cisco Unified Communications Manager:
For rules to be applied to incoming calls, the Rule Name MUST begin with indir. For example, indir_international. For rules to be applied to outgoing calls, the Rule Name MUST begin with outdir. For example, outdir_internal.
You do not need the indir and outdir prefixes if you are configuring lookup rules in Cisco Unified Mobility Advantage. Rule Description (Configurations in Cisco Unified Communications Manager only) Rule Type (Configurations in Cisco Unified Mobility Advantage only.) Number Begins With This setting describes Enter a description of the rule. the rule.
These settings To apply this rule to calls to the primary desk phone identify the phone number, choose Incoming. numbers to which this To apply this rule to calls dialed from the desk phone rule will apply. or (for Cisco Unified Communications Manager 7.0 only) from the mobile phone using Dial-via-Office, choose Outgoing. Enter the digits at the beginning of the phone number to which this rule will apply. Valid values include numeric digits (0 through 9), plus (+), asterisk (*), and pound (#). Omit formatting such as spaces, dashes, or parentheses.
Number of Digits
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-9
Purpose These settings specify the transformation required for the dialed or received phone number to match the number for the correct person in the directory.
Description Enter the number of digits to strip from the beginning of the phone number. You can also leave this setting blank to leave the number as it is. Enter the digits to prepend to the number, whether or not digits are removed.
You must enter a Valid values include digits (0 through 9), plus (+), value in at least one of asterisk (*), and pound (#), or no value. these settings.
Related Topics
Basic Settings
Setting Description Your Value
Host Name/IP Address Hostname or IP address of the Cisco Unified Presence server to which all Cisco Unified Mobility Advantage users are assigned. Port Port on which Cisco Unified Mobility Advantage will communicate with Cisco Unified Presence. (The port of the SOAP Web Service interface that Cisco Unified Presence listens on to accept user sign-in requests.) The default is 8443. Backup Host Name/ IP Address (Optional) Hostname or IP address of the backup Cisco Unified Presence Server, if you have one.
Application User Name The user ID of the Application User you created in Cisco Unified Presence.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-10
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Microsoft Exchange Enterprise Adapter Settings
Description Password for this Application User. Select a security context for the Cisco Unified Presence server. For the simplest configuration, choose a Security Context that has the Trust Policy set to All Certificates. If you choose a security context that has the Trust Policy set to Trusted Certificates, you must deploy necessary certificates.
Your Value
Related Topics
Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage. Importing Self-Signed Certificates from Trusted Servers, page 9-10 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5
Advanced Settings
Do not change these values from the defaults unless you have specific reason to do so. Setting SIP Settings Default Subscription Interval Transport Type Default is 3600. Default is TCP. If you configured Cisco Unified Presence to require a TLS connection, you must select TLS here. Listen Port Min Connections Max Connections Max Load Per Connection Default is 5060. Default is 5. Default is 20. Default is 200. Description Your Value
Directory Lookup for personal contacts of users Caller identification of people who are in the personal contact of users Triggering meeting notifications in Outlook
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-11
Triggering availability status changes to In a Meeting based on meetings that appear in the Exchange calendar of each user
Meeting notifications and availability status changes are triggered only for Cisco Unified MeetingPlace or Cisco Unified MeetingPlace Express meetings that users schedule using the Outlook Plug-In for their respective conferencing product. At least one Exchange server is required. Cisco Unified Mobility Advantage can connect to multiple Exchange servers. Create an adapter for each. You entered values into these tables while preparing to install or to upgrade from Release 3.x.
Basic Settings
Setting Description If Microsoft Exchange is clustered, use the hostname associated with the Outlook Web Access (OWA) bridgehead. Transport Type TLS is the secure transport type. Select TLS if Exchange is running SSL. TCP is the nonsecure transport type. Select TCP if Exchange is not running SSL. Port The port used to connect the Cisco Unified Mobility Advantage Server to the Exchange server. This is the Outlook Web Access (OWA) port of the Exchange server. The default port for SSL connections is 443. The default port for non-SSL connections is 80. Exchange Domain The domain for this instance of the Exchange server. For example, CORP. This is the domain that users use when logging into their Windows desktops. Your Value
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-12
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Microsoft Exchange Enterprise Adapter Settings
Description The suffix that is appended to usernames to complete their corporate email address. Leave this setting blank unless you have a specific reason to change it, for example if you have email addresses with subdomains such as sales.yourcompany.com that resolve to a single domain such as yourcompany.com. If email addresses cannot be determined from Active Directory, obtain this value from your Exchange administrator. This suffix must be a fully qualified DNS domain name. It is often, but not always, yourcompany.com. Do not include the @ character.
Your Value
Polling Period (sec) This setting does not appear in the Configuration Wizard.
Determines how frequently to poll the Exchange server for contact and unified voicemail updates. Default setting is recommended. A short polling period can adversely affect the performance of the Exchange and Cisco Unified Mobility Advantage servers.
Connection Pooling
Cisco Unified Mobility Advantage maintains a pool of connections to Exchange for use as needed, in order to minimize the need to continually reconnect to and disconnect from Exchange. This pool of connections is configured by settings in this tab. You should not need to change these settings from the default. These settings do not appear in the Configuration Wizard. Connection Pooling Max Connections When Exhausted Description Maximum number of concurrent connections between Cisco Unified Mobility Advantage and the Exchange server. When the maximum number of connections is allocated, this determines whether the demand for more connections will grow the pool, or have the requests queued up.
Your Value
Maximum allowable wait time (in seconds) before timeout, if Block is selected in the When Exhausted setting. Maximum number of connections that can remain idle at any given time. If the number goes above this, the server starts closing the connections.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-13
Appendix A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings
Basic Settings
Setting IMAP Information Unity Exchange Hostname/IP Address For Cisco Unity: Hostname of the Exchange server. If you have users on more than one Exchange server, create a separate Cisco Unity adapter for each Exchange server. For Cisco Unity Connection: IP address of the Cisco Unity Connection server. If you have users on more than one Cisco Unity Connection server, create a separate adapter for each Cisco Unity Connection server. Port If Transport Type is TCP:
Description
Your Value
For Cisco Unity: Default is 143. For Cisco Unity Connection: Default is 7993 For Cisco Unity: Default is 993 For Cisco Unity Connection: Default is 7993
The frequency with which Cisco Unified Mobility Advantage checks for new voice messages. The default is every 600 seconds. Very frequent polling may impact performance.
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-14
Appendix A
Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings
Description The connection type for connections to the Exchange server (for Cisco Unity) or to the Cisco Unity Connection server. This setting must match the setting on the Exchange or Cisco Unity Connection server. Select TLS for secure connections (SSL on Exchange or TLS on Cisco Unity Connection). Select TCP for nonsecure connections.
Your Value
Security Context
Select a security context if you chose TLS as the Transport Type. For the simplest configuration, choose a Security Context that has the Trust Policy set to All Certificates. If you choose a security context that has the Trust Policy set to Trusted Certificates, you must deploy certificates.
Select Yes if the user ID and password for user account on the Are the Voicemail credentials for the voicemail system is the same as in Active Directory. user the same as the Select No otherwise. corporate credentials? Unity Version If you are using Cisco Unity Release 7.x, enter the following SOAP information.
SOAP Information Information in this section applies only to Cisco Unity Release 7.x. Unity Host Name/ IP Address The host name or IP address of the Cisco Unity server. This may or may not be the same as the Unity Exchange Host Name/IP Address which hosts the voice messages that are retrieved by IMAP, which you entered above. Select TLS for SSL connections. Select TCP for nonsecure connections. This must match the connection type you specify in Cisco Unity. Port Unity Backup Host Name/ IP Address Application User Name The SOAP port. The default port for TLS is 443, and the default for TCP is 80. The host name or IP address of a back up Cisco Unity server if you have one. The Cisco Unity Application user ID. This is the same user ID that you use to sign in to the Cisco Unity Administration page. The Microsoft Exchange or NT domain of the Cisco Unity inbox.
Note
Transport Type
Application Password The Password for the Unity Application User. Domain
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-15
Appendix A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings
Description Select a security context for the voicemail server. For the simplest configuration, choose a Security Context that has the Trust Policy set to All Certificates. If you choose a security context that has the Trust Policy set to Trusted Certificates, you must deploy necessary certificates.
Your Value
Related Topics
Chapter 9, Managing Server Security in Cisco Unified Mobility Advantage. Importing Self-Signed Certificates from Trusted Servers, page 9-10 Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5
We recommend that you keep the default Unity voicemail settings. Do not change these settings unless recommended to do so by Cisco support.
Setting Phone number search field name Phone number search pattern
Description Field to search the phone number of a caller. Default is Subject. We recommend that you do not change the default value. Regular expression for the search pattern that should be used in the Phone Number Search Field Name field. This information is used to identify callers by matching information from Cisco Unity and Cisco Unified Communications Manager with existing contact information in Exchange and Active Directory. Default is the regular expression [0-9]{4,} We recommend that you do not change the default value.
Your Value
Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0
A-16